Gateway Interfaces for Gemini

solderpunk solderpunk at SDF.ORG
Tue May 26 18:59:08 BST 2020


On Mon, May 25, 2020 at 07:11:04PM -0400, Sean Conner wrote:

> [b]	Mandatory per RFC-3875---the more security conscious of you might
> 	not like this, but in that case, I can recommend the value of
> 	"127.0.0.1" or "::1" 
> [c]	Can be the IP address, which is what I do

It's true that, as I've written in the past, I really am not a fan of
this information being passed along for privacy reasons.  Yes, of
course, I know full well that the server itself already knows your IP
address, by necessity.  I am totally fine with admins logging that
information for the sake of debugging or abuse prevention.

But I just don't see the need to pass this information along to
applications.  What possible legitimate use could they have for it?  If
they want to recognise consecutive requests from the same user so they
can maintain state server side, well, that's what client certificates
are for.  The application can request one, instead of relying on the IP
address, which won't work well anyway if somebody is using a popular VPN
exit node.  The only other thing I can think of which is potentially
even vaguely legitimate is geolocation so the app can e.g. serve a
suitable translated interface.  But even that's iffy in my mind because
geolocation is so terribly unreliable in this day and age because so
many people habitually use VPNs and may not be where they appear to be.

I know this field is mandatory in RFC-3875 - what is the scope of that
RFC with respect to protocols?  Does it only talk about HTTP or is it
supposed to be more general?

Cheers,
Solderpunk

