💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › slrntiu5ho.2bp.mbays@ma.sd… captured on 2024-06-16 at 13:14:53. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-01-29)

-=-=-=-=-=-=-

Re: Client Certificates

Message headers

From: mbays@sdf.org

Subject: Re: Client Certificates

Date: Sat, 24 Sep 2022 14:37:44 GMT

Message-ID: <slrntiu5ho.2bp.mbays@ma.sdf.org>

Message content

On 2022-09-21, noscript <name@example.com> wrote:

When a client creates a certificate for a server gemini://example.com,
does it send the certificate for all request to the server?

Here's how it's mean to work, taken from the Gemini spec:

| A client certificate which is generated or loaded in response to such

| a status code [60-62] has its scope bound to the same hostname as the

| request URL and to all paths below the path of the request URL path.

| E.g. if a request for gemini://example.com/foo returns status 60 and

| the user chooses to generate a new client certificate in response to

| this, that same certificate should be used for subsequent requests to

| gemini://example.com/foo, gemini://example.com/foo/bar/,

| gemini://example.com/foo/bar/baz, etc., until such time as the user

| decides to delete the certificate or to temporarily deactivate it.

| Interactive clients for human users are strongly recommended to make

| such actions easy and to generally give users full control over the

| use of client certificates.

There are URLs which a reachable without client certificates (like
CDG) and when the client has a certificate there are additional links.

In the case of CDG, this means that if you try to add a link in

a certain category and create/select a certificate for that purpose,

then your client should then also apply it to all requests for that

category or its subcategories. So if you add a link, you should then see

the "edit" option for it when you list the category.

Related

Parent:

Client Certificates (by noscript <name@example.com> on Wed, 21 Sep 2022 18:19:59 -0000 (UTC))