authority's userinfo?

solderpunk solderpunk at SDF.ORG
Thu Jun 11 16:25:19 BST 2020


On Thu, Jun 11, 2020 at 01:37:46PM +0200, Petite Abeille wrote:
 
> Thanks. 

I didn't *mean* that as a compliment, but upon reflection you're right
to take it as one.  To be frank, your posts often frustrate me or stress
me out, but I realise that you are, in fact, performing a valuable
service in pointing out loopholes and overlooked details, and this one in
particular was a very valuable catch, thankfully easily fixed.  I hope to
goodness this was the last surprise of this magnitude that you manage to
dig up.
 
> That said, this all hinges on automated redirects, beyond end-user control, all opaque to them. This is the crux of the issue.

That's true, it's not quite fair to blame this entirely on the generic
URI scheme; the issue also highlights the dangers posed by redirects.

> If user-agents MUST-SHOULD prompt for decisions as to whether to follow a redirect, this would be all transparent and under user control.

Also true, but the case of phishing in the web/email world demonstrates
precisely how well relying on users to be able to reliably detect nasty
things via manual inspection of URLs works out in practice.  In this
particular case, given the dubious value of userinfo for Gemini in the
first place, it's much simpler and much more reliable to simply remove
the threat entirely, than to expect people to catch it themselves.

I will consider pushing more strongly for manual intervention in
redirects, but I'm very aware that taking this to extremes will
inevitably result in training users to approve the follow automatically
without a moment's thought.  Much better to make redirects themselves
as safe as we can.

MUST-SHOULDing confirmation for cross-domain redirects might be a good
idea, though.  Those pose a great risk, with the potential for execrable
link shorteners.

Cheers,
Solderpunk
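
The two redirect safeguards discussed in this message, sketched as an added example (not part of the original post and not code from any Gemini client). It assumes a client that refuses any redirect target carrying userinfo and asks the user before following a redirect to a different host; the function name, return labels and sample hosts are constructed for illustration.

```python
import urllib.parse
from urllib.parse import urljoin, urlsplit

# urllib only resolves relative references for schemes it knows about,
# so register "gemini" before joining redirect targets against the base.
for _known in (urllib.parse.uses_relative, urllib.parse.uses_netloc):
    if "gemini" not in _known:
        _known.append("gemini")


def classify_redirect(current_url, target):
    """Decide what to do with a redirect target (hypothetical helper).

    Returns (action, resolved_url, reason), where action is
    "reject", "confirm" (ask the user) or "follow".
    """
    resolved = urljoin(current_url, target)
    parts = urlsplit(resolved)

    # Inspect the raw authority so an empty userinfo ("@host") is caught too.
    if "@" in parts.netloc:
        return ("reject", resolved, "userinfo in authority")
    if parts.scheme.lower() != "gemini":
        return ("confirm", resolved, "leaves the gemini scheme")
    if not parts.hostname:
        return ("reject", resolved, "no host in redirect target")

    # "Cross-domain" is taken here to mean a different hostname (assumption).
    old_host = (urlsplit(current_url).hostname or "").lower()
    if parts.hostname.lower() != old_host:
        return ("confirm", resolved, "cross-domain redirect")
    return ("follow", resolved, "same host")


if __name__ == "__main__":
    base = "gemini://example.org/docs/page"  # constructed sample URLs
    for target in ("/moved", "gemini://example.org@other.test/",
                   "gemini://short.test/x", "https://example.org/"):
        print(target, "->", classify_redirect(base, target)[::2])
```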

