authority's userinfo?
solderpunk
solderpunk at SDF.ORG
Thu Jun 11 16:09:12 BST 2020
On Thu, Jun 11, 2020 at 07:58:45PM +1000, Thomas Karpiniec wrote:
> By my reading of RFC 3986 (s3.2) you explicitly have that right:
>
> "Some schemes do not allow the userinfo and/or port subcomponents."
Thanks very much for finding that. I realise it must seem ridiculous
that I'm building on top of these RFCs without having read them in fine
detail. I would *love* to have the time to print out the URI, MIME and
TLS RFCs, sit down with a coffee and a pen and go through them all
closely, but it's not likely to happen anytime soon. I am grateful to
be able to "crowdsource" some details.
And this is great news. I will update the spec this weekend - to
simplify the client certificate stuff as discussed, but at the same time
I will add a new section defining the Gemini URI scheme and explicitly
disallowing the userinfo component.
Servers receiving a request whose URL contains a userinfo component
should respond with "59 BAD REQUEST". Clients should strip userinfo
from links in text/gemini documents or status 3x <META> lines. Then
this nasty loophole is closed.
Cheers,
Solderpunk
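
The server-side rejection and client-side stripping described in the message above, as an added example that is not part of the original post or of the Gemini specification. The function names and sample URLs are constructed for illustration, and the request is assumed to be a single URL terminated by CRLF.

```python
from urllib.parse import urlsplit, urlunsplit

BAD_REQUEST = "59 BAD REQUEST\r\n"  # status and text quoted in the message above


def has_userinfo(url: str) -> bool:
    """True if the URL's authority carries a userinfo part (RFC 3986 s3.2.1)."""
    # Inspect the authority only: '@' is legal in paths and queries.
    # Testing for '@' rather than .username also catches empty userinfo ('//@host').
    return "@" in urlsplit(url).netloc


def strip_userinfo(url: str) -> str:
    """Client side: drop userinfo from a link in text/gemini or a 3x META line."""
    parts = urlsplit(url)
    if "@" not in parts.netloc:
        return url  # unchanged; this includes relative links with no authority
    host_port = parts.netloc.rpartition("@")[2]
    return urlunsplit(parts._replace(netloc=host_port))


def reject_if_userinfo(request: bytes):
    """Server side: return the 59 header if the request URL has userinfo,
    or None if this particular check passes."""
    try:
        url = request.decode("utf-8").rstrip("\r\n")
        return BAD_REQUEST if has_userinfo(url) else None
    except ValueError:  # undecodable bytes or an unparsable authority
        return BAD_REQUEST


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the mailing list thread.
    for req in (b"gemini://example.org/page\r\n",
                b"gemini://alice:pw@example.org/page\r\n",
                b"gemini://example.org/~alice@example.org\r\n"):
        print(req, "->", reject_if_userinfo(req))
    print(strip_userinfo("gemini://alice:pw@example.org:1965/page?q=1"))
```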