Petite Abeille petite.abeille at gmail.com
Thu Jun 11 01:20:17 BST 2020
- - - - - - - - - - - - - - - - - - -
On Jun 11, 2020, at 01:54, Thomas Karpiniec <tkarpiniec at icloud.com> wrote:
This is possible regardless using query strings, or even more
obnoxiously, dynamic paths/links.
Very true. They are all equivalent:
gemini://cookie@mozz.us/beer/gemini://mozz.us/beer/?cookiegemini://mozz.us/beer/#cookiegemini://mozz.us/beer/cookie
Even though, query strings seem to be "special" in gemini, i.e. equivalent to a POST related to 1x (INPUT).
At the end of the day all you can do
is call out dodgy behaviour, and if site owners tried it anyway,
attempt to make this sort of thing visible to client users.
Sure.
The thought about userinfo was rather less nefarious: a casual way for user-agent to customize their server access.
Same as 6x (CLIENT CERTIFICATE REQUIRED), but less ceremonial.
I.e. automated cookie tagging is the equivalent of server driven 61 TRANSIENT CERTIFICATE REQUESTED.And named token would be the similar to 62 AUTHORISED CERTIFICATE REQUIRED.
Minus the yak shaving.