Re: State of Gopher and TLS?
It was thus said that the Great Mateusz Viste once stated:
> On 25/10/2022 14:44, Josuah Demangeon wrote:
> >I think it was added because the trick to allow TLS on same port (peek at
> >the first byte before really reading it) was simple and easy to implement
> >server-side and has no consequence client-side (not breaking TCP-only).
>
> Could also crash a fragile - yet conforming - server implementation that
> is not expecting to receive binary garbage from a client, or at least
> pollute the server's logs with weird, possibly unreadable entries.
You don't need TLS for that. The modern Internet is a very unforgiving
place. Over the past month, my gopher server [1][2] has received 12
requests that fit your criteria, and they aren't all TLS (only 4). From my
logs (sans TLS requests):
l\0\11\0\0\0\0\0\0\0\0\0
\14\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0bbbb0100000001
\0\0\0XXSMBr\0\0\0\0\8\1@\0\0\0\0\0\0\0\0\0\0\0\0\0\0@\6\0\0\1\0\0X\0\2PC NETWORK PROGRAM 1.0\0\2MICROSOFT NETWORKS 1.03\0\2MICROSOFT NETWORKS 3.0\0\2LANMAN1.0\0\2LM1.2X002\0\2Samba\0\2NT LANMAN
\0\0\0qjXn0XkX\3\2\1\5X\3\2\1
\0\30\0\6\1\0\0\1\0\0\0\0\0\0\7version\4bind\0\0\16\0\3
\18\1\0\26\0\0\0\0\0\0\11\0\6\1\0\17\0\1X\8\0\1U\0\0\1
\3\0\0,'X\0\0\0\0\0Cookie: mstshash=eltons
X\0\0(rX\29\19\0\0\0\0\0\0\0\2\0\1XX\0\1X|\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
If anything, the TLS attempts have gone down over the past year. The only
time I ever found it seriously annoying was one gopher bot (similar to a
web bot) making a TLS request for every request instead of caching the
non-TLS result.
> >And gopher with TLS still needs some strategy for trusting certificates.
> >
> >Maybe trust on first use is good? A bit like SSH?
That's a major criticism of Gemini (besides the other one, which is to
remove TLS completely [3], which I find funny because TLS was the sole
reason it came about---as a gopher-like protocol over TLS).
> Use some other tunneling instead of TLS, then. But in any case, do not
> call the resulting thing "Gopher", and do not hijack a TCP port that
> has been in use for 30 years...
Agree, and it's known as Gemini.
-spc
[1] gopher://gopher.conman.org/
[2] Using my own gopher server software:
https://github.com/spc476/port70
[3] There are two camps here---the first one that thinks TLS is not
necessary at all, too complex and therefore, should be removed; and
the second camp, which finds TLS too complex and therefore, it
should be replaced with a bespoke encryption scheme they saw
somewhere that is "simple" but yet no implementations exist.
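The two practical points in this thread are the "peek at the first byte" trick for serving TLS and plaintext Gopher on one port, and the observation that a port-70 listener receives arbitrary binary junk (SMB negotiates, RDP cookies, DNS queries) whether or not TLS is involved, so request logging must be robust against it. The following is an added example, not code from port70 or from anyone in the thread: a small demultiplexer that classifies a connection from its first bytes without consuming them (MSG_PEEK), plus a log sanitiser that renders any request as printable ASCII. The TLS heuristic (record type 0x16 followed by version major byte 0x03) and the three-digit octal escape format are this example's own choices; the sample requests are constructed to resemble, not reproduce, the log lines quoted above.

```python
import socket

# Assumed detection rule: a TLS ClientHello is a TLS record of type 0x16
# (handshake) whose record version starts with major byte 0x03.  A plaintext
# Gopher request is a selector line of printable ASCII ending in CRLF.
TLS_HANDSHAKE = 0x16
TLS_VERSION_MAJOR = 0x03


def classify_request(prefix: bytes) -> str:
    """Return 'tls', 'gopher' or 'garbage' for the first bytes of a connection."""
    if (len(prefix) >= 2 and prefix[0] == TLS_HANDSHAKE
            and prefix[1] == TLS_VERSION_MAJOR):
        return "tls"
    # Judge only the selector line; an empty selector (bare CRLF) is the root menu.
    line_end = prefix.find(b"\r\n")
    candidate = prefix if line_end < 0 else prefix[:line_end]
    if all(0x20 <= b < 0x7F or b == 0x09 for b in candidate):
        return "gopher"
    return "garbage"


def peek_classify(conn: socket.socket, n: int = 5) -> str:
    """Classify without consuming: MSG_PEEK leaves the bytes in the kernel
    buffer, so a TLS library or the plaintext handler can still read them."""
    prefix = conn.recv(n, socket.MSG_PEEK)
    return classify_request(prefix)


def sanitize_for_log(data: bytes, limit: int = 64) -> str:
    """Render raw request bytes as a single printable-ASCII log field.

    Printable ASCII passes through, backslash is doubled, and every other
    byte becomes a fixed-width \\NNN octal escape (fixed width keeps the
    encoding unambiguous, unlike variable-length decimal escapes).  No control
    character or terminal escape sequence can reach the log file.
    """
    out = []
    for b in data[:limit]:
        if b == 0x5C:
            out.append("\\\\")
        elif 0x20 <= b < 0x7F:
            out.append(chr(b))
        else:
            out.append(f"\\{b:03o}")
    if len(data) > limit:
        out.append("...")
    return "".join(out)


# Constructed sample inputs (not captured traffic): a TLS 1.0-framed ClientHello
# prefix, a plaintext Gopher selector, and the start of an SMB negotiate request
# like the ones that show up on port 70.
SAMPLE_CLIENT_HELLO = b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"
SAMPLE_GOPHER = b"/phlog\r\n"
SAMPLE_SMB = b"\x00\x00\x00\x85\xffSMBr\x00\x00\x00\x00"


def demo() -> list:
    """Run each sample through a socket pair, the way a real listener would."""
    results = []
    for sample in (SAMPLE_CLIENT_HELLO, SAMPLE_GOPHER, SAMPLE_SMB):
        client, server = socket.socketpair()
        try:
            client.sendall(sample)
            kind = peek_classify(server)
            consumed = server.recv(len(sample))  # bytes are still all there
            results.append((kind, sanitize_for_log(consumed)))
        finally:
            client.close()
            server.close()
    return results


if __name__ == "__main__":
    for kind, logged in demo():
        print(f"{kind:7s} {logged}")
```

Two design notes: the peek reads only a handful of bytes, so a slow or idle client cannot tie up the classifier beyond whatever socket timeout the listener already applies; and the sanitiser truncates at a fixed length so a single junk request cannot produce an unbounded log entry.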