Gemini App Developer Guide [main]

Security: Potential certificate reuse

8e2f911bc4601d534441c274511e990941a6e3db
[1mdiff --git a/app-guide.gmi b/app-guide.gmi[m
[1mindex fad7a34..bdaf330 100644[m
[1m--- a/app-guide.gmi[m
[1m+++ b/app-guide.gmi[m
[36m@@ -543,7 +543,7 @@[m [mA very basic rate limiter would count the number of requests that have occurred[m
 [m
 ## 5.3 Client certificates[m
 [m
[31m-You should treat client certicates as sensitive information. If your application publishes information about them, for instance hash sums, it may allow other servers to check this information and match it against the client certificates they have access to, potentially discovering matches that reveal whether the same client has accessed both servers. While the risks of such tracking are small, Gemini users generally feel that privacy should be respected and this should not be allowed.[m
[32m+[m[32mYou should treat client certicates as sensitive information. If your application publishes information about them, for instance hash sums, it may allow other servers to check this information and match it against the client certificates they have access to, potentially discovering matches that reveal whether a user has reused a client certificate for multiple applications. While the risks of such tracking are small, Gemini users generally feel that privacy should be respected and this should not be allowed.[m
 [m
 ## 5.4 Administration[m
 [m