mbays at sdf.org
Thu Jul 15 21:58:12 BST 2021
* Wednesday, 2021-07-14 at 20:17 +0000 - nervuri <nervuri at disroot.org>:
>"Before following a URI which is in scope of a client certificate from
>a page (or via a redirect) outside of that scope, clients MUST display
>the target URI and what client certificate will be used to connect to
Better. But I think "display" is still assuming too much about the
client. What about audio-only clients? We could make it "present", but
still we may find that it's too restrictive... what if a client wants to
present only a shortened form of the URI, say without the scheme? Do we
really want to say that it's in contravention of the spec? And so on.
Really, I don't think this kind of prescriptive text for the details of
how clients should operate belongs in the spec at all.
Perhaps it would make more sense to add some general discussion about
this issue, either to the spec or to best-practices.gmi, saying that
clients should ensure that a client certificate is used only when it's
clear that the user intends it to be, and pointing out these cases where
it might not be clear (links and redirects into the scope of
a certificate). Then let client authors decide how to implement this in
whatever way makes most sense for their particular clients.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 195 bytes
Desc: not available
More information about the Gemini