Minimum requirements for client certificates
Solderpunk
solderpunk at posteo.net
Mon Aug 31 17:44:06 BST 2020
I think it goes without saying that at the absolute minimum a Gemini
client certificate ought to be a valid x509 certificate. I did look
into this at some stage and IIRC the Issuer needs to be non-empty but
the Subject does not. If that is indeed the case, then I'm not sure we
should mandate anything further. As makeworld said, such certificates
might not be suitable for particular applications which make use of the
Subject. I guess the appropriate server response there would be 61? 62
doesn't seem to apply since the certificate is technically valid. But
this does make the "CERTIFICATE NOT AUTHORISED" name for 61 misleading.
Perhaps it ought to be "CERTIFICATE NOT ACCEPTED"?
Cheers,
Solderpunk