[spec] Outstanding issues

Martin Keegan martin at no.ucant.org
Sun Dec 27 12:01:02 GMT 2020

On Sun, 27 Dec 2020, Solderpunk wrote:

> I think is worthy of some kind of consideration/response.  If you think
> I've forgotten something, please let me know.

You posted on your gemlog some time ago that the experience of the use of 
TLS client certificates had raised issues that needed to be clarified in 
the spec; I don't know whether these issues were satisfactorily resolved.

=> gemini://gemini.circumlunar.space/users/solderpunk/gemlog/tls-musings.gmi

For my own part I'd like to know about timeouts. My server is coded with 
some concern about DoS attacks such as the Slow Loris attack:

=> https://en.wikipedia.org/wiki/Slowloris_(computer_security)

To mitigate this, the server shuts down any connection which hasn't 
submitted a request after ten seconds. Pragmatically, client authors do 
not need licence from the spec to implement a timeout, but it may be 
useful to constrain when and how server implementors should/must/must not 
do this.
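
The ten-second cutoff described in the message above, as an added Python example that is not part of the original post and is not the author's server code. It applies the deadline to the whole request rather than to each read, so a client trickling one byte at a time cannot keep resetting it. The names `read_request` and `demo` are hypothetical, the size limit is the Gemini request limit (a URL of up to 1024 bytes plus CRLF), and the slow client is constructed for the demonstration.

```python
import socket
import threading
import time

REQUEST_DEADLINE = 10.0   # seconds, the figure from the message above
MAX_REQUEST = 1026        # Gemini request: URL of up to 1024 bytes plus CRLF


def read_request(conn, deadline=REQUEST_DEADLINE, clock=time.monotonic):
    """Return the request line without CRLF, or None if the peer is dropped.

    The deadline covers the whole request. A per-recv timeout alone would be
    reset by every byte a slow client trickles in, which is what a Slowloris
    client relies on.
    """
    expires = clock() + deadline
    buf = b""
    while b"\r\n" not in buf:
        remaining = expires - clock()
        if remaining <= 0 or len(buf) >= MAX_REQUEST:
            return None                      # too slow or too long: drop
        conn.settimeout(remaining)           # never wait past the deadline
        try:
            chunk = conn.recv(MAX_REQUEST - len(buf))
        except socket.timeout:
            return None
        if not chunk:                        # peer closed mid-request
            return None
        buf += chunk
    return buf.split(b"\r\n", 1)[0]


def demo(payload_chunks, delay, deadline):
    """Constructed client: sends each chunk, then sleeps `delay` seconds."""
    server_side, client_side = socket.socketpair()

    def client():
        try:
            for chunk in payload_chunks:
                client_side.sendall(chunk)
                time.sleep(delay)
        except OSError:                      # server already hung up
            pass

    threading.Thread(target=client, daemon=True).start()
    try:
        return read_request(server_side, deadline=deadline)
    finally:
        server_side.close()
```
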


