A vision for Gemini applications
Jason McBrayer
jmcbray at carcosa.net
Wed Jun 17 13:01:23 BST 2020
solderpunk <solderpunk at SDF.ORG> writes:
> On Wed, Jun 17, 2020 at 10:02:21AM +0000, solderpunk wrote:
>
>> In general, requiring all non-idempotent requests to use a query and
>> recommending clients to strip (or ask for confirmation of) queries found
>> in links and redirects, might be enough to solve the worst of the
>> problem.
>
> Of course, it only takes *one* popular client not bothering to do this
> to make all apps relying on it vulnerable, so really robust ones are
> probably going to have to faff about with nonces anyway.
I hope to write a fuller response to your vision post later today, if I
get a chance. But quickly one thought:
What if, as you suggest, non-idempotent requests are required to use
certificates, and further, that general-purpose clients are required to
make cross-site requests *without a client certificate*, even if they
have a certificate for the target in their store?
--
+-----------------------------------------------------------+
| Jason F. McBrayer jmcbray at carcosa.net |
| If someone conquers a thousand times a thousand others in |
| battle, and someone else conquers himself, the latter one |
| is the greatest of all conquerors. --- The Dhammapada |