Requests and SNI

<tgrkp2$3mggi$1@dont-email.me>

Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: name@example.com (noscript)
Newsgroups: comp.infosystems.gemini
Subject: Requests and SNI
Date: Mon, 26 Sep 2022 07:36:02 -0000 (UTC)
Organization: A noiseless patient Spider
Lines: 14
Message-ID: <tgrkp2$3mggi$1@dont-email.me>
Injection-Date: Mon, 26 Sep 2022 07:36:02 -0000 (UTC)
Injection-Info: reader01.eternal-september.org; posting-host="edd23e6caf15cfe41cf405c5ce8927ed";
logging-data="3883538"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18cblxZeW7NPb2sqi+WEJ5W3BiADa4FhI4="
User-Agent: slrn/1.0.3 (Linux)
Cancel-Lock: sha1:ao17uVAbj8AjdZjqsvSmngGfHlw=
 by: noscript - Mon, 26 Sep 2022 07:36 UTC

In the request description (section 2) of the gemini specification, there is:

> Gemini requests are a UTF-8 encoded absolute URL, including a scheme
> Sending an absolute URL permits virtual hosting of multiple Gemini
> domains on the same IP address.

And in TLS section 4, there is:

> Use of the Server Name Indication (SNI) extension to TLS is also mandatory,
> to facilitate name-based virtual hosting.

The SNI seems redundant because the hostname is in the request already.

What is the reason to have SNI mandatory?

Re: Requests and SNI

<20220926142046.1d30f63e@banduras-laptop>

Path: i2pn2.org!i2pn.org!aioe.org!news.mixmin.net!.POSTED!not-for-mail
From: m.k@mk16.de (Marek Küthe)
Newsgroups: comp.infosystems.gemini
Subject: Re: Requests and SNI
Date: Mon, 26 Sep 2022 14:20:46 +0200
Organization: Mixmin
Message-ID: <20220926142046.1d30f63e@banduras-laptop>
References: <tgrkp2$3mggi$1@dont-email.me>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Injection-Info: news.mixmin.net; posting-host="c7166ed69fc7d71ba5642d549a25a36d94a7b5dd";
logging-data="3831579"; mail-complaints-to="abuse@mixmin.net"
X-Newsreader: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
 by: Marek Küthe - Mon, 26 Sep 2022 12:20 UTC

First, a TLS connection is established with the server. The server
must find a suitable certificate for the connection with the hostname
of the domain. If you request without SNI, the server does not know
which domain and therefore which certificate to select. The actual
Gemini request comes later, when the TLS connection is established. The
SNI has more or less the same purpose as in the WWW.

On Mon, 26 Sep 2022 07:36:02 -0000 (UTC)
noscript <name@example.com> wrote:

> In the request description (section 2) of the gemini specification, there is:
>
> > Gemini requests are a UTF-8 encoded absolute URL, including a scheme
> > Sending an absolute URL permits virtual hosting of multiple Gemini
> > domains on the same IP address.
>
> And in TLS section 4, there is:
>
> > Use of the Server Name Indication (SNI) extension to TLS is also mandatory,
> > to facilitate name-based virtual hosting.
>
> The SNI seems redundant because the hostname is in the request already.
>
> What is the reason to have SNI mandatory?
