[ANN] Gemini browser for iOS
solderpunk
solderpunk at SDF.ORG
Tue Jun 2 19:31:46 BST 2020
On Tue, Jun 02, 2020 at 01:31:09AM +0200, Peter Vernigorov wrote:
> Question about client certificates: not sure how other clients implement
> this, but I was thinking of generating and using the same client cert for
> all sites, and giving an option to create a cert for specific domain. Does
> that make sense? Potential problem I see is that main certificate is
> something user could be identified by across websites.
It's not super clear to me what you're suggesting.
If it's that the client generates a single self-signed client cert the
first time it starts up and then just sends that cert to every single
host as part of every single request: PLEASE DON'T DO THAT! This is
about as wrong an implementation of Gemini's idea of client certificates
as possible. The vast majority of URLs will not require or expect a
client cert (which is why there's a way for servers to explicitly
request one in the unusual circumstance it's needed), and any you send
will just be ignored. You will be needlessly increasing the TLS overhead
(which is already pretty heavy relative to typical text/gemini payload
sizes) for no gain. Worse, admins of unrelated servers would be able to
compare their logs and track you across Geminispace.
If it's that you generate a single certificate the first time it starts
up but only send it out in response to a status code of 62 that's a
different matter (I assume it goes without saying you shouldn't ever use
it in response to a status code of 61 because the behaviour for
transient certs is extremely clearly specced and this would fly in the
face of just about every part of it). I still think it's the wrong
thing to do, but it's slightly less disastrous than the first option.
Client certificates should be handled in a very deliberate manner - the
user needs to make the clear decision to opt in, on their own terms, to
being identified to some server(s). It's an exceptional condition and
should never be automated or hidden from the user for the sake of
convenience. Sharing a single certificate across domains isn't
something anybody should ever do lightly.
Cheers,
Solderpunk
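An added example of the client-side policy the message argues for, in Python. This is editor-written illustration, not code from the post or from any Gemini client. It assumes the status-code meanings the post refers to (61 = transient certificate requested, 62 = authorised certificate required, other 6x codes surface to the user with no automatic retry), that a certificate's scope is the requesting host plus the path prefix of the URL that returned the 6x status, and that transient certs live only in memory for the session. The certificate itself is a stand-in (a random fingerprint) since only the selection and scoping logic is being shown; a real client would generate a self-signed X.509 cert with its TLS library at that point. The `ask_user` callback is a hypothetical hook for the explicit opt-in.

```python
"""Gemini client-certificate policy: never volunteer a cert, never share one
across hosts, and act on 61/62 only within the scope that asked for it."""
import re
from dataclasses import dataclass, field
from hashlib import sha256
from secrets import token_bytes
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class ClientCert:
    host: str
    path_prefix: str
    transient: bool
    fingerprint: str  # stands in for the SHA-256 of a real DER-encoded cert


def new_cert(host: str, path_prefix: str, transient: bool) -> ClientCert:
    # Stand-in (assumption): a real client would build a self-signed X.509
    # cert and key here. Each call yields an unrelated identity, so two
    # hosts can never correlate the user by a shared fingerprint.
    return ClientCert(host, path_prefix, transient,
                      sha256(token_bytes(32)).hexdigest())


def scope_of(url: str) -> Tuple[str, str]:
    """(host, path) that a cert requested via this URL is bound to."""
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError(f"not a gemini URL: {url!r}")
    return parts.hostname, parts.path or "/"


def parse_status(line: str) -> Tuple[int, str]:
    """Parse '<two digits><space><meta>CRLF'; anything else is rejected."""
    m = re.fullmatch(r"(\d\d) (.*)\r\n", line)
    if not m:
        raise ValueError(f"malformed status line: {line!r}")
    return int(m.group(1)), m.group(2)


@dataclass
class CertStore:
    # Persistent certs the user explicitly created, one per (host, path prefix).
    bindings: Dict[Tuple[str, str], ClientCert] = field(default_factory=dict)
    # Transient certs, kept in memory for this session only.
    transient: Dict[Tuple[str, str], ClientCert] = field(default_factory=dict)

    def cert_for(self, url: str) -> Optional[ClientCert]:
        """Cert to present with a request, or None.  Only a cert bound to this
        exact host and a matching path prefix is selected, so a fresh store
        sends nothing at all: the default is to send no cert."""
        host, path = scope_of(url)
        for (h, prefix), cert in (*self.transient.items(), *self.bindings.items()):
            if h == host and path.startswith(prefix):
                return cert
        return None


def handle_response(store: CertStore, url: str, status_line: str,
                    ask_user: Callable[[str, str, str], bool]) -> Optional[ClientCert]:
    """React to the server's status line for `url`.

    Returns the cert to retry the request with, or None if the client
    should not retry with a cert (user declined, or nothing to do)."""
    code, meta = parse_status(status_line)
    host, path = scope_of(url)
    if code == 61:
        # Transient cert: generate a fresh one scoped to host+path, keep it
        # for this session only, never touch the persistent bindings.
        key = (host, path)
        if key not in store.transient:
            store.transient[key] = new_cert(host, path, transient=True)
        return store.transient[key]
    if code == 62:
        # Authorised cert: only after the user's explicit, per-host decision.
        # An existing binding for another host is never reused here.
        existing = store.bindings.get((host, path))
        if existing is not None:
            return existing
        if not ask_user(host, path, meta):
            return None
        cert = new_cert(host, path, transient=False)
        store.bindings[(host, path)] = cert
        return cert
    # Any other 6x (or non-6x) status: nothing to retry with automatically;
    # the caller shows `meta` to the user instead.
    return None


if __name__ == "__main__":
    s = CertStore()
    a = handle_response(s, "gemini://example.org/app/", "62 Login\r\n", lambda h, p, m: True)
    b = handle_response(s, "gemini://example.net/app/", "62 Login\r\n", lambda h, p, m: True)
    print("example.org sees", a.fingerprint[:16], "example.net sees", b.fingerprint[:16])
    print("unrelated host gets cert?", s.cert_for("gemini://example.com/") is not None)
```

The two properties worth checking against such a store are that `cert_for` returns None for any URL the user has not explicitly opted in on, and that a binding made on one host is invisible to every other host, so log comparison between unrelated admins yields nothing.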