💾 Archived View for bbs.geminispace.org › u › skyjake › 5261 captured on 2023-11-04 at 16:10:14. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-09-28)

➡️ Next capture (2023-11-14)

🚧 View Differences

-=-=-=-=-=-=-

Comment by 🚀 skyjake

Re: "Gemini: Update User Certificate"

In: s/Gemini

I really should add something about this to the Help page...

Briefly, on BBS:

• Go to /settings/certs and set a password. It will be valid for an hour.
• Activate your new certificate on the front page.
• Pick the "add alternative" option and it will ask you for the username and password.

Now both certificates are linked to your account. You can then remove the old one(s) if you want on the same Certificate Settings page.

When it comes to signing with the old certificate, as @clseibold says, clients would need to automate this for it to be a feasible method. Otherwise it's too difficult to do for the average user.

🚀 skyjake

2023-09-12 · 8 weeks ago

4 Later Comments ↓

🚀 clseibold

@skyjake Oh! I didn't realize Bubble had time limit on the password! I think other services don't have this. I'm glad you did it like this, because it feels way more secure.

🚀 mbays

Thinking about it, here's an even simpler approach: while a user is logged in (identified by one cert), show a link of the form "/addcert?$UID+$TOKEN" where UID is the key in the server's user database and TOKEN is e.g. sha256(UID+SECRET) where SECRET is a server secret. Then if that link is followed with a new certificate, the server can consider the new cert to belong to UID. Problem: copy+paste or having a shoulder-surfer could leak the token. Partial solution: make the token time-limited.

🦋 karel

Thank you so much, this was an interesting discussion. I would personally prefer the solution with the signature chain (sign the new certificate with the old one). Also thanks for telling me how the certificate update works on BBS. For some reason, I failed on the first attempt (yes, it works).

🦋 karel

@skyjake: Yes, please, add that text snippet to the Help page.

2023-09-15 · 7 weeks ago

Original Post

🌒 s/Gemini

Gemini: Update User Certificate — Gemini uses certificates for login authentication. There are many valid reasons to change/update certificates. Certificates expire. Algorithms become outdated, keys too short. One might move from a global certificate to one per service (or the other way around). Change the user name and more. Yet, the protocol provides no way to update a certificate. I tested a certificate update both with Astrobotany and with the BBS and failed. Does anyone know of an...

💬 karel · 10 comments · 2023-09-12 · 8 weeks ago