Hi,
I would like some feedback.
The work done by Bert made me think about where we are storing the
certificates. Currently, they are in .local/share/offpunk, with your
lists.
I’m currently thinking that server side certificates should probably be
moved into .cache. Those are not the kind of data you would like to
save/backup. It doesn’t make sense to keep old certificates while the
cache is emptied.
On the other hand, client certificates are important to back up and
should be in .local/share in a folder clearly marked as such.
What do you think?
--
Ploum - Lionel Dricot
Blog: https://www.ploum.net
Livres: https://ploum.net/livres.html
Hi,
I would argue that both client and server certificates are important to
back up. The server certificates are used for Gemini's TOFU scheme if I
understand correctly. In that case they are necessary for avoiding
person-in-the-middle attacks and so I don't think they should be cleared
together with the cache. SSH works similarly, by placing the known hosts
file inside its configuration directory.
Sotiris
Sotiris Papatheodorou wrote:
> I would argue that both client and server certificates are important to back up.
I agree with this.
Perhaps offpunk could use the $XDG_STATE_HOME (default: ~/.local/state) directory instead of $XDG_CACHE_HOME. I wouldn't object to XDG_DATA_HOME (~/.local/share) but the data is not really “shared” with anyone — they're for offpunk only — so I prefer the state directory.
Cheers,
--
Kʟᴀᴜꜱ Aʟᴇxᴀɴᴅᴇʀ Sᴇɪꜱᴛʀᴜᴘ
https://kas.bio.link/ 🇩🇰
On 24 jun 23 11:49, Klaus Alexander Seistrup wrote:
> Sotiris Papatheodorou wrote:
>
> > I would argue that both client and server certificates are important to back up.
>
> I agree with this.
>
> Perhaps offpunk could use the $XDG_STATE_HOME (default: ~/.local/state) directory instead of $XDG_CACHE_HOME. I wouldn't object to XDG_DATA_HOME (~/.local/share) but the data is not really “shared” with anyone — they're for offpunk only — so I prefer the state directory.
I like the idea of XDG_STATE_HOME a lot.
According to the spec:
"The $XDG_STATE_HOME contains state data that should persist between
(application) restarts, but that is not important or portable enough to
the user that it should be stored in $XDG_DATA_HOME."
https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
I feel that it is perfectly appropriate: nothing really bad happens if
you lose server certificates.
TBH, I’ve never cared much about certificate errors as I don’t see the
point in trying to spoof one for a gemini capsule and new certificates
happen all the time for various reasons (and I must not be alone doing it
that way).
Saving them in STATE_HOME might be a very good compromise: you don’t
clear them with the cache but you don’t need a strong backup policy as
you would for SHARE_HOME.
(which raises the question that offpunk cache is becoming so incredibly
important to me that I’m starting to back it up… But this is a subject for
another thread)
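
Added example, not part of the original thread and not offpunk's own code: a sketch of the layout discussed above, with server TOFU pins under $XDG_STATE_HOME (so emptying the cache does not silently reset trust) and client certificates under $XDG_DATA_HOME. The directory names, the `known_hosts` file name and the function names are assumptions made for illustration.

```python
import hashlib
import os
from pathlib import Path


def xdg_dir(var, default, env=os.environ):
    """Resolve an XDG base directory.

    Per the basedir spec, an unset or empty variable falls back to the
    default under $HOME, and a relative path is invalid and ignored.
    """
    value = env.get(var, "")
    if value and os.path.isabs(value):
        return Path(value)
    return Path(env.get("HOME") or str(Path.home())) / default


def server_cert_dir(env=os.environ):
    # Hypothetical layout: TOFU pins are state, not cache.
    return xdg_dir("XDG_STATE_HOME", ".local/state", env) / "offpunk" / "server_certs"


def client_cert_dir(env=os.environ):
    # Hypothetical layout: client identities are data worth backing up.
    return xdg_dir("XDG_DATA_HOME", ".local/share", env) / "offpunk" / "client_certs"


def tofu_check(store, host, port, der_cert):
    """Compare a server certificate (DER bytes) with the pinned fingerprint.

    Returns "new" (first contact, pin recorded), "match", or "mismatch".
    A mismatch never overwrites the pin; the caller decides what to do.
    """
    fingerprint = hashlib.sha256(der_cert).hexdigest()
    store.mkdir(parents=True, exist_ok=True)
    known = store / "known_hosts"  # one "host:port fingerprint" entry per line
    key = f"{host.lower()}:{port}"
    if known.exists():
        for line in known.read_text().splitlines():
            name, _, pinned = line.partition(" ")
            if name == key:
                return "match" if pinned == fingerprint else "mismatch"
    with known.open("a") as fh:
        fh.write(f"{key} {fingerprint}\n")
    return "new"
```

If the pin file lived in the cache directory instead, every cache wipe would turn the next connection into a first contact, and a changed certificate would be accepted as "new" rather than reported as "mismatch".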