repo: gemini-site
action: commit
revision: 
path_from: 
revision_from: 75deb52790afd6861a41eaf57059882a64725727:
path_to: 
revision_to:
git.thebackupbox.net
gemini-site
git clone git://git.thebackupbox.net/gemini-site
commit 75deb52790afd6861a41eaf57059882a64725727
Author: Solderpunk 
Date:   Sat Oct 26 15:39:49 2019 +0000

    Discuss best practices regarding redirects.

diff --git a/docs/best-practices.txt b/docs/best-practices.txt
index 500a0b3177530cf8bbce6463b01db98f2675a1b1..
index ..1b6053ad0d8d0c839218799c57a8b208d67211d4 100644
--- a/docs/best-practices.txt
+++ b/docs/best-practices.txt
@@ -83,3 +83,74 @@ client and is not guaranteed.  Serving your
 content as UTF-8 maximises its accessibility
 and maximises the utility of simple clients
 which support only UTF-8.
+
+## Redirects
+
+### General remarks
+
+Redirects were included in Gemini primarily
+to permit the restructuring of sites or the
+migration of sites between servers without
+breaking existing links.  A large,
+interconnected space of documents without
+such a facility inevitably becomes "brittle".
+
+However, redirects are, generally speaking,
+nasty things.  They reduce the transparency
+of a protocol and make it harder for people
+to make informed choices about which links to
+follow, and they can leak information about
+people's online activity to third parties.
+They are not as bad in Gemini as in HTTP
+(owing to the lack of cookies, referer
+headers, etc.), but they remain at best a
+necessary evil.
+
+As such, please refrain from using redirects
+frivolously!  Things like URL-shorteners are
+almost totally without merit.  In general,
+think long and hard about using redirects to
+do anything other than avoid link breakage.
+
+### Redirect limits
+
+Clients may prompt their users for decisions
+as to whether or not to follow a redirect, or
+they may follow redirects automatically.  If
+you write a client which follows redirects
+automatically, you should keep the following
+issues in mind.
+
+Misconfigured or malicious Gemini servers may
+serve redirects in such a way that a client
+which follows them blindly gets trapped in an
+infinite loop of redirects, or otherwise has
+to complete a very long chain of redirects.
+Robust clients will need to be smart enough
+to detect these conditions and act
+accordingly.  The simplest implementation is
+to refuse to follow more than N consecutive
+redirects.  It is recommended that N be set
+no higher than 5.  This is inline with the
+original recommenation for HTTP (see
+RFC-2068).
+
+### Cross-protocol redirects
+
+Cross-protocol redirects (i.e. redirects from
+Gemini to something else, like Gopher) are
+possible within Gemini, but are very heavily
+discouraged.  However, misconfigured or
+malicious servers will always be able to
+serve such redirects, so well-written clients
+should be ready to detect them and respond
+accordingly.
+
+It is strongly recommended that even clients
+which generally follow redirects
+automatically alert the user and ask for
+explicit confirmation when served a redirect
+to a non-TLS-secured protocols like HTTP or
+Gopher, assuming the client implements
+support for these protocols.  This avoids
+unintentional plaintext transfers.

-----END OF PAGE-----