Gateway Interfaces for Gemini

colecmac at protonmail.com
Tue May 26 23:18:49 BST 2020


> But I just don't see the need to pass this information along to
> applications. What possible legitimate use could they have for it?

I use it for gemlikes, because it's just a really simple way to prevent
spam without having to complicate things with client certs. Client
certs are great, but as you said, it would be a huge hassle to have
to do it for each site.

I think providing the IP address is fine, and applications can use it if they
want. Trying to restrict apps from accessing it will give people a false
sense of security, I think.

makeworld

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Tuesday, May 26, 2020 1:59 PM, solderpunk <solderpunk at SDF.ORG> wrote:

> On Mon, May 25, 2020 at 07:11:04PM -0400, Sean Conner wrote:
>
> > [b] Mandatory per RFC-3875---the more security conscious of you might
> > not like this, but in that case, I can recommend the value of
> > "127.0.0.1" or "::1"
> > [c] Can be the IP address, which is what I do
>
> It's true that, as I've written in the past, I really am not a fan of
> this information being passed along for privacy reasons. Yes, of
> course, I know full well that the server itself already knows your IP
> address, by necessity. I am totally fine with admins logging that
> information for the sake of debugging or abuse prevention.
>
> But I just don't see the need to pass this information along to
> applications. What possible legitimate use could they have for it? If
> they want to recognise consecutive requests from the same user so they
> can maintain state server side, well, that's what client certificates
> are for. The application can request one, instead of relying on the IP
> address, which won't work well anyway if somebody is using a popular VPN
> exit node. The only other thing I can think of which is potentially
> even vaguely legitimate is geolocation so the app can e.g. serve a
> suitable translated interface. But even that's iffy in my mind because
> geolocation is so terribly unreliable in this day and age because so
> many people habitually use VPNs and may not be where they appear to be.
>
> I know this field is mandatory in RFC-3875 - what is the scope of that
> RFC with respect to protocols? Does it only talk about HTTP or is it
> supposed to be more general?
>
> Cheers,
> Solderpunk
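
Added example, not part of the original messages and not gemlikes' own code: a sketch of address-keyed throttling in a CGI application, showing what happens when the server substitutes "127.0.0.1" or "::1" for REMOTE_ADDR and when many users share one address. The names `throttle_key` and `Throttle`, the /64 grouping for IPv6, and the in-memory state (a real CGI script would have to persist it between requests) are assumptions.

```python
import ipaddress
from collections import defaultdict, deque


def throttle_key(environ):
    """Map the CGI REMOTE_ADDR value to a rate-limit bucket name."""
    try:
        addr = ipaddress.ip_address(environ.get("REMOTE_ADDR", "").strip())
    except ValueError:
        return "masked"  # missing or malformed value
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped  # ::ffff:a.b.c.d is really a.b.c.d
    if addr.is_loopback:
        # The server passed the placeholder instead of the peer address,
        # so every client lands in one shared bucket.
        return "masked"
    if addr.version == 6:
        # Assumption: one client usually controls a whole /64, so group by it.
        return str(ipaddress.IPv6Network((addr, 64), strict=False))
    return str(addr)


class Throttle:
    """Sliding window: at most `limit` actions per `window` seconds per bucket."""

    def __init__(self, limit, window):
        self.limit = limit
        self.window = window
        self.hits = defaultdict(deque)  # bucket name -> timestamps

    def allow(self, environ, now):
        q = self.hits[throttle_key(environ)]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget actions older than the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


if __name__ == "__main__":
    t = Throttle(limit=2, window=60)
    # Constructed sample requests (documentation address ranges).
    for addr, now in [("203.0.113.7", 0), ("203.0.113.7", 5),
                      ("203.0.113.7", 9), ("::1", 10), ("127.0.0.1", 11)]:
        env = {"REMOTE_ADDR": addr}
        print(addr, throttle_key(env), t.allow(env, now))
```

Users behind the same VPN exit node share a bucket in exactly the same way the "masked" clients do, which is the limitation raised in the quoted message.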



