CSRF in Gemini

solderpunk solderpunk at SDF.ORG
Tue Jun 16 17:03:30 BST 2020


On Tue, Jun 16, 2020 at 11:12:22AM -0400, Jason McBrayer wrote:
 
> My swimming-against-the-current proposal: all Gemini requests must be
> idempotent. The easy way to make a request idempotent is to make it have
> no side-effects.
> 
> Yes, this effectively limits Gemini to a document-delivery protocol, and
> strictly constrains what apps could be built on top of it. That may not
> be a bad thing.

I am leaning toward "all Gemini requests made without client
certificates should be idempotent" - stay tuned for *much* more detail
later tonight.  I have ideas which, I hope, will let us make people who
are only interested in a document-delivery protocol *and* hopeless nerds
who want to build apps happy, and even keep them out of each other's
hair to the extent that they want to be...

Cheers,
Solderpunk
