solderpunk solderpunk at SDF.ORG
Thu May 28 18:59:05 BST 2020
- - - - - - - - - - - - - - - - - - -
As some of you may have read at gemini://gemini.circumlunar.space/users/solderpunk/cornedbeef/the-mercury-protocol.gmi, I have been having a small semi-crisis-of-confidence regarding the apparently unavoidable complexity of speccing a robust and flexible mechanism for in-band authentication with client certificates. Thanks, by the way, to everybody who emailed me or made posts of their own in response to that post.
I'm still committed to mandatory TLS in Gemini, as I have been since day one. And I still think client certificates are an under-appreciated and powerful tool for authentication. But I've also convinced myself that the transient certificate idea got specced mostly just because I was so pleased by the realisation that it was *possible* to use client certs that way, not because there was a clear motivation. So far nobody has used them for anything and it hasn't exactly ruined the experience. People have been building interesting interactive things without client certs so far. The most obvious and compelling use case for client certificates for me is for people to be able to put up private content for their own use (a private bookmarking or to-do app, for example), and that doesn't require anything complicated in Gemini at all; it can be done ssh style by whitelisting the fingerprint of a self-signed cert, or traditional TLS style by setting up your own CA.
None of which is to say the other stuff needs to go, but I think it probably ought to be a lower priority than other considerations which affect searchability and accessibility of publicly available material, which is clearly more important - yes, less fun and interesting from a technogeek perspective, but more actually important.
I'm going to keep thinking about this stuff, and I encourage people to share their thoughts and ideas and to experiment with what's specced in AV-98. But, whereas I previously thought this would be the part of the spec which saw the bulk of activity once the spec freeze wore off, I think maybe for now this should actually stay in the "experimental features for power users, subject to change" category while we focus on other stuff.
Cheers,
Solderpunk
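The "ssh style" option the post sketches, a server that accepts any self-signed client cert at the TLS layer and decides access by pinning its fingerprint, as an added Go example that is not solderpunk's code or part of any Gemini implementation. It assumes the server already has its own certificate loaded; the DER bytes in main() are a constructed stand-in, not a real certificate.

```go
package main

import (
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"encoding/hex"
	"fmt"
)

// fingerprint is the hex SHA-256 of the DER-encoded certificate. This is the
// value an operator would record in an allowlist, the way ssh pins host keys.
func fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// serverTLSConfig requests a client certificate but deliberately does not
// verify it against a CA (RequestClientCert, not RequireAndVerifyClientCert),
// so a self-signed cert completes the handshake and the allowlist decides.
func serverTLSConfig(serverCert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{serverCert},
		MinVersion:   tls.VersionTLS12,
		ClientAuth:   tls.RequestClientCert,
	}
}

// authorize inspects a finished handshake and returns the presented
// fingerprint (empty if the client sent no certificate) and whether it is
// on the allowlist. Anything not explicitly pinned is denied.
func authorize(state tls.ConnectionState, allow map[string]bool) (string, bool) {
	if len(state.PeerCertificates) == 0 {
		return "", false
	}
	fp := fingerprint(state.PeerCertificates[0])
	return fp, allow[fp]
}

func main() {
	// Constructed stand-in for a client's DER certificate bytes.
	cert := &x509.Certificate{Raw: []byte("constructed DER stand-in")}
	state := tls.ConnectionState{PeerCertificates: []*x509.Certificate{cert}}
	allow := map[string]bool{fingerprint(cert): true}
	fp, ok := authorize(state, allow)
	fmt.Printf("fingerprint %s allowlisted: %v\n", fp[:16], ok)
	_, ok = authorize(tls.ConnectionState{}, allow)
	fmt.Printf("no client cert allowlisted: %v\n", ok)
}
```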