Malicious Links

ew.gemini ew.gemini at
Sat Jul 10 15:22:21 BST 2021


Chris Brannon <chris at> writes:

> nothien at writes:
>> In Gemini, the restriction that information can only be sent to a server
>> by performing a request is considered a feature.  However, this can
>> backfire by removing the need for user interaction, even when it is
>> absolutely necessary.  Below, I provide an example to show why this
>> feature, combined with the existence of malicious links, can prevent (or
>> at least hinder) the sole use of TLS certificates in account-based sites
>> on Gemini.
> I think having destructive operations (create, update, delete) running
> over Gemini is probably a mistake to begin with, because it will lead
> down the path of trying to build yet another application platform on top
> of yet another document delivery system.  They tried that trick in the
> 90s.  Sadly it's still with us, and it's called the WWW.

Full ACK!


Keep it simple!

More information about the Gemini mailing list