CGI, SCGI and Certificates (was Re: [ANN] Gemini browser for iOS)
solderpunk
solderpunk at SDF.ORG
Wed Jun 10 21:49:57 BST 2020
On Tue, Jun 09, 2020 at 11:53:19PM -0400, Michael Lazar wrote:
> TLS_CLIENT_HASH
>
> I'm using a base64-encoded representation of the hash. I like your notation of
> SHA256:<HEX> better, but it's too late now and I don't want to break backwards
> compatibility.

I am extremely interested in having a well-defined notion of
"certificate fingerprints" in Geminispace, not just for CGI apps but in
server configs too (Molly Brown will soon support being able to
configure lists of authorised certs for accessing certain directories).
It's a shame it's too late for you to make changes now, but for the sake
of all future implementations we should agree on something.

I was actually going to suggest base64-encoded SHA256 of the binary
(PEM) certificate (mostly guided by OpenSSH's use of base64 in
.authorized_keys), but I'm happy to hear thoughts on this.

Cheers,
Solderpunk
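
An added example, not part of the original message and not code from any Gemini server or client: it computes the two fingerprint notations discussed in this thread (SHA256:<HEX> and base64 of the hash) and checks a certificate against an authorised list that may mix them. Assumptions: the hash is taken over the DER bytes decoded from the PEM text, the base64 form carries a "SHA256:" prefix and is unpadded as OpenSSH prints key fingerprints, and all function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac
import ssl

# Constructed stand-in for a certificate's DER bytes (not a real certificate);
# only the byte string matters for fingerprinting.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def fingerprint_hex(pem: str) -> str:
    """SHA256:<HEX> over the DER bytes decoded from a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return "SHA256:" + hashlib.sha256(der).hexdigest().upper()


def fingerprint_b64(pem: str) -> str:
    """Assumed OpenSSH-style form: SHA256:<unpadded base64> of the same digest."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_fingerprint(text: str) -> bytes:
    """Return the raw 32-byte digest from either notation."""
    algo, _, value = text.strip().partition(":")
    if algo.upper() != "SHA256" or not value:
        raise ValueError("expected SHA256:<value>")
    if len(value) == 64:   # hex: 64 characters for 32 bytes
        raw = bytes.fromhex(value)
    else:                  # base64: 43 unpadded or 44 padded characters
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
    if len(raw) != 32:
        raise ValueError("not a SHA-256 digest")
    return raw


def is_authorised(pem: str, allowed: list[str]) -> bool:
    """Check a certificate against a list that may mix both notations."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).digest()
    # Compare raw digests in constant time, never the printable strings.
    return any(hmac.compare_digest(digest, parse_fingerprint(a)) for a in allowed)
```

Hashing the PEM text instead of the decoded bytes gives a different digest that also depends on line wrapping, so an agreed fingerprint definition has to name the exact input as well as the output encoding.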