implementing client certificate support

solderpunk solderpunk at SDF.ORG
Wed Jun 10 22:16:37 BST 2020


On Tue, Jun 09, 2020 at 12:01:28AM -0400, Michael Lazar wrote:
 
> I think hijacking the <META> is unnecessary for my application. I can accomplish
> the same thing by sending a "30 TEMPORARY REDIRECT" to all unauthenticated
> requests, and then hitting them with a 61 after they have been redirected to
> the path scope. I concede that this wouldn't be *exactly* the same because the
> client won't end up at the page that they originally requested. But it's
> workable enough for me. And I like having the meta available for human readable
> error messages.

Hmm...I think I like this.  I mean, I'm never *super* excited when
redirects are involved, but this workflow would allow us to spec
that the default scope of a cert is all paths below the URI from
which the 6x status was received (which lets client certs be much
narrower in scope than cookies, which IMHO is a good selling point)
and still allow human-readable <META> for 6x statuses to provide
hints about expected certificate lifespan.

Cheers,
Solderpunk
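
Added example (not part of the original message, and not code from any Gemini client): a sketch of how a client could apply the default scope described above, where a certificate is offered only for URLs at or below the URL that returned the 6x status. The names `ScopedCertStore` and `origin_and_segments`, the `example.org` URLs, the whole-segment matching and the choice to also bind the scope to host and port are assumptions, since the message does not spell them out.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORT = 1965  # Gemini's default port


def origin_and_segments(url):
    """Return ((host, port), [path segments]) for a gemini:// URL."""
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError("not a gemini URL: %r" % url)
    origin = (parts.hostname.lower(), parts.port or DEFAULT_PORT)
    segments = []
    # Split before decoding so an encoded "/" (%2F) stays inside one segment,
    # and resolve dot segments so "/app/../other" cannot pass as "/app".
    for raw in parts.path.split("/"):
        seg = unquote(raw)
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return origin, segments


class ScopedCertStore:
    """Maps certificates to the URL whose 6x response prompted them."""

    def __init__(self):
        self._entries = []  # (origin, scope segments, cert label)

    def remember(self, url_of_6x_response, cert_label):
        origin, scope = origin_and_segments(url_of_6x_response)
        self._entries.append((origin, scope, cert_label))

    def select(self, request_url):
        """Return the most specific in-scope cert label, or None."""
        origin, path = origin_and_segments(request_url)
        best = None
        for entry_origin, scope, label in self._entries:
            # Whole-segment prefix match: "/app" covers "/app/x", not "/application".
            if entry_origin == origin and path[:len(scope)] == scope:
                if best is None or len(scope) > len(best[0]):
                    best = (scope, label)
        return best[1] if best else None
```

Returning `None` means the request goes out with no client certificate, so a certificate created for one path is never presented to sibling paths or other hosts.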


