💾 Archived View for bbs.geminispace.org › s › Yoda › 22093 captured on 2024-12-17 at 15:11:32. Gemini links have been rewritten to link to archived content

-=-=-=-=-=-=-

Trying to complete user certificate integration: it works for BBS as a ?register query, but on Station the URI has a /join sub-path, so by the protocol specification I can't give the authorization to the parent area (the entire domain in this case). But how does it work in other browsers?

Maybe I miss some line in the specification, or I just must ignore URI follow for the 6* status code

The scope of a certificate generated in response to this status code should is limited to the host and port from which the status code was received and the path of the URL in the original request plus all paths below it.

Client certificates specification

Posted in: s/Yoda

👻 ps [mod]

Nov 23 · 3 weeks ago

3 Comments ↓

🕹️ skyjake [...] · Nov 23 at 10:11:

Perhaps you've checked it already, but in Lagrange the user can choose the scope of a generated certificate. If you pick an existing certificate, it activates for the current page path, but newly created certificates can get activated for the entire domain, the current directory, or the page.

Station implemented their /join page long before the current best practice recommendation existed.

👻 ps [OP/mod] · Nov 23 at 17:10:

Thanks for info, skyjake!

In this browser, the user can manually select the created certificate again when opening the home page, but it's not useful of course, and one more extra option could confuse new users..

I don't even know what to do now :) Just checked: Astrobotany has the same path-based URI, /app

Suppose the address of a regular login page should be like domain.com?some_auth, but there is no way to change it

Need more time to think about it

🦂 zzo38 · Nov 23 at 21:45:

My opinion is that you should allow the user to override the certificate scope (and any other options that may be applicable) when being prompted for the certificate.

(The above is also mentioned in the Scorpion protocol specification, although some of the other recommendations in the section about client certificates would also be applicable to Gemini.)
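
The scope rule quoted in the post (host, port, request path and everything below it), combined with the user override that skyjake and zzo38 describe, as an added example that is not part of the original thread or any client's own code. The hostnames are constructed and the choice names `request`, `directory` and `domain` are assumptions for illustration.

```python
from urllib.parse import urlsplit

DEFAULT_PORT = 1965  # Gemini's default port


def cert_scope(request_url, choice="request"):
    """Scope for a certificate created after a 6x response to request_url.

    choice (hypothetical names):
      "request"   - path of the original request, the rule quoted in the post
      "directory" - directory containing the requested page
      "domain"    - whole host, an explicit user override
    Returns (host, port, path_prefix).
    """
    u = urlsplit(request_url)
    path = u.path or "/"  # the query (e.g. ?register) is not part of the path
    if choice == "request":
        prefix = path
    elif choice == "directory":
        prefix = path[: path.rfind("/") + 1]
    elif choice == "domain":
        prefix = "/"
    else:
        raise ValueError(f"unknown scope choice: {choice}")
    return (u.hostname, u.port or DEFAULT_PORT, prefix)


def in_scope(scope, url):
    """True if the certificate with this scope should be presented for url."""
    host, port, prefix = scope
    u = urlsplit(url)
    if (u.hostname, u.port or DEFAULT_PORT) != (host, port):
        return False
    path = u.path or "/"
    if prefix.endswith("/"):
        return path.startswith(prefix)
    # Match on a segment boundary so /join does not also cover /joinery.
    return path == prefix or path.startswith(prefix + "/")


if __name__ == "__main__":
    # Constructed URLs mirroring the two cases in the thread.
    bbs = cert_scope("gemini://bbs.example/?register")
    station = cert_scope("gemini://station.example/join")
    print(bbs, in_scope(bbs, "gemini://bbs.example/s/Yoda"))      # covers the site
    print(station, in_scope(station, "gemini://station.example/"))  # home page not covered
```

A login prompt on a `?query` URL at the root yields a whole-site scope under the default rule, while a `/join` or `/app` prompt does not reach the home page unless the user widens the scope.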