Client Certificates

From: name@example.com (noscript)
Newsgroups: comp.infosystems.gemini
Subject: Client Certificates
Date: Wed, 21 Sep 2022 18:19:59 -0000 (UTC)
Message-ID: <tgfkkf$1shjm$1@dont-email.me>
 by: noscript - Wed, 21 Sep 2022 18:19 UTC

When a client creates a certificate for a server gemini://example.com,
does it send the certificate for all requests to the server?

There are URLs which are reachable without client certificates (like CDG) and when
the client has a certificate there are additional links.

I wonder how this works.

Re: Client Certificates

Newsgroups: comp.infosystems.gemini
From: mbays@sdf.org
Subject: Re: Client Certificates
References: <tgfkkf$1shjm$1@dont-email.me>
Message-ID: <slrntiu5ho.2bp.mbays@ma.sdf.org>
Date: Sat, 24 Sep 2022 14:37:44 GMT
 by: mbays@sdf.org - Sat, 24 Sep 2022 14:37 UTC

On 2022-09-21, noscript <name@example.com> wrote:
> When a client creates a certificate for a server gemini://example.com,
> does it send the certificate for all requests to the server?

Here's how it's meant to work, taken from the Gemini spec:
| A client certificate which is generated or loaded in response to such
| a status code [60-62] has its scope bound to the same hostname as the
| request URL and to all paths below the path of the request URL path.
| E.g. if a request for gemini://example.com/foo returns status 60 and
| the user chooses to generate a new client certificate in response to
| this, that same certificate should be used for subsequent requests to
| gemini://example.com/foo, gemini://example.com/foo/bar/,
| gemini://example.com/foo/bar/baz, etc., until such time as the user
| decides to delete the certificate or to temporarily deactivate it.
| Interactive clients for human users are strongly recommended to make
| such actions easy and to generally give users full control over the
| use of client certificates.

> There are URLs which are reachable without client certificates (like
> CDG) and when the client has a certificate there are additional links.

In the case of CDG, this means that if you try to add a link in
a certain category and create/select a certificate for that purpose,
then your client should then also apply it to all requests for that
category or its subcategories. So if you add a link, you should then see
the "edit" option for it when you list the category.
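
The scoping rule quoted from the spec above, written as a client-side lookup (an added example, not part of the original posts and not taken from any Gemini client). `CertStore`, `scope_key` and the certificate labels are hypothetical; matching on whole path segments, so that `/foo` does not cover `/foobar`, is an assumption the quoted text does not spell out.

```python
from urllib.parse import unquote, urlsplit


def scope_key(url):
    """Split a gemini:// URL into (hostname, normalised path segments)."""
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError(f"not a gemini URL: {url!r}")
    segments = []
    for seg in parts.path.split("/"):
        seg = unquote(seg)
        if seg in ("", "."):
            continue
        if seg == "..":
            # Resolve dot segments first so /foo/../x is matched as /x.
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return parts.hostname, tuple(segments)


class CertStore:
    """Hypothetical client-side store: scope -> [certificate label, active]."""

    def __init__(self):
        self._scopes = {}

    def bind(self, url, label):
        """Record the certificate chosen after a 60-62 response to url."""
        self._scopes[scope_key(url)] = [label, True]

    def set_active(self, url, active):
        """Temporarily deactivate (or reactivate) the certificate bound at url."""
        self._scopes[scope_key(url)][1] = active

    def delete(self, url):
        del self._scopes[scope_key(url)]

    def select(self, url):
        """Return the label of the certificate to present for url, or None."""
        host, segs = scope_key(url)
        # Whole-segment match (an assumption): /foo covers /foo/bar, not /foobar.
        # Longest prefix first, so the most specific active scope wins.
        for n in range(len(segs), -1, -1):
            entry = self._scopes.get((host, segs[:n]))
            if entry and entry[1]:
                return entry[0]
        return None
```

A request for which `select` returns `None` is sent without a client certificate, which is why the same host can serve both anonymous pages and pages with extra links for an identified user.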
