A vision for Gemini applications
solderpunk
solderpunk at SDF.ORG
Wed Jun 17 13:29:37 BST 2020
On Wed, Jun 17, 2020 at 08:01:23AM -0400, Jason McBrayer wrote:
> What if, as you suggest, non-idempotent requests are required to use
> certificates, and further, that general-purpose clients are required to
> make cross-site requests *without a client certificate*, even if they
> have a certificate for the target in their store?
Yes, that would definitely be possible (AV-98 almost does this, but it
explicitly asks you if you want to reactivate a previously used
certificate when you cross back to a domain). I didn't mean to say that
I think it's impossible to build a general purpose client that's
optimised for reading static text but also certificate aware enough to
use apps, and to do so in a careful way that avoids CSRF attacks or
accidental "leakage" of identities. I don't doubt it can be done! And
people are genuinely welcome to try. It just seemed to me that a client
like that is going to be at the very least more fiddly work for
developers to write and test, and perhaps also a bit more confusing for
users to use, compared to either a client which just has no concept of
client certificates, or one which does but is bound to a single domain.
Two simple programs which each do one thing and do it well will be
simpler and safer, and it plays well to one of our core strengths, which
is that usable clients can be extremely lightweight so running one per
app is very feasible.
Cheers,
Solderpunk
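The two client-certificate policies discussed above, as an added example that is not code from this thread or from AV-98. It assumes a certificate store keyed by (host, port), a navigation described by the page a link was followed from and the target URL, and a hypothetical ask_user callback standing in for the client's prompt; the origins and certificate bytes are constructed for illustration. With strict=True a cross-origin navigation is always made without a certificate even though one is stored for the target (Jason's rule); with strict=False the client asks before reactivating a previously used certificate when crossing back to a domain (the AV-98 behaviour described in the post).

```python
# Added example (not from the thread or AV-98): a minimal client-certificate
# scoping policy for a Gemini client. CertStore, select_cert, ask_user and
# the sample origins are assumptions made for illustration only.
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import urlsplit

GEMINI_DEFAULT_PORT = 1965
Origin = Tuple[str, int]  # (hostname, port) is the unit a certificate is bound to


@dataclass(frozen=True)
class ClientCert:
    label: str  # what the client shows the user; hypothetical field
    pem: bytes  # certificate and key material (constructed placeholder)


def origin_of(url: str) -> Origin:
    """Reduce a gemini:// URL to the origin a certificate is scoped to."""
    parts = urlsplit(url)
    if parts.scheme != "gemini" or not parts.hostname:
        raise ValueError(f"not a gemini URL: {url!r}")
    return (parts.hostname.lower(), parts.port or GEMINI_DEFAULT_PORT)


class CertStore:
    """Certificates keyed by origin, each with an 'active' flag the user
    toggles; a stored-but-inactive certificate is never presented."""

    def __init__(self) -> None:
        self._certs: Dict[Origin, ClientCert] = {}
        self._active: Dict[Origin, bool] = {}

    def add(self, origin: Origin, cert: ClientCert, active: bool = False) -> None:
        self._certs[origin] = cert
        self._active[origin] = active

    def get(self, origin: Origin) -> Optional[ClientCert]:
        return self._certs.get(origin)

    def is_active(self, origin: Origin) -> bool:
        return self._active.get(origin, False)

    def set_active(self, origin: Origin, active: bool) -> None:
        if origin in self._certs:
            self._active[origin] = active


def select_cert(
    store: CertStore,
    referrer_url: Optional[str],
    target_url: str,
    *,
    strict: bool,
    ask_user: Optional[Callable[[ClientCert, Origin], bool]] = None,
) -> Optional[ClientCert]:
    """Decide which certificate, if any, to present for a request.

    referrer_url is the page the link was followed from, or None when the
    user typed the URL. strict=True: a cross-origin navigation is always
    made without a certificate. strict=False: ask the user (via ask_user)
    before reactivating a previously used certificate after crossing back.
    """
    target = origin_of(target_url)
    cert = store.get(target)
    if cert is None:
        return None
    cross_origin = referrer_url is not None and origin_of(referrer_url) != target
    if not cross_origin:
        # Typed URL or same-origin link: honour whatever the user enabled.
        return cert if store.is_active(target) else None
    # A cross-origin link is exactly where a CSRF-style request arrives from,
    # so crossing sites drops the identity (design choice in this example).
    store.set_active(target, False)
    if strict:
        return None
    if ask_user is not None and ask_user(cert, target):
        store.set_active(target, True)
        return cert
    return None
```

A single-domain app client is the degenerate case of this policy: every navigation is same-origin, so select_cert never reaches the cross-origin branch and the only state that matters is the user's own activation toggle.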