Re: [gopher] Capability files are dangerous
On Mon, 14 May 2012, Denis Bernard wrote:
Capability files are dangerous!
this reminds me of the classical pop up with danger!! you are broadcasting
your ip!!!11!1einself
<snip>
Up to day, any Gopher client was able to deal with any Gopher server
(more or less). The spirit of Gopher is to keep it as simple as
possible and, mainly, for retrieving files anonymously. Up to day, it
was impossible, for an administrator of a Gopher server, to know which
flavor of a Gopher client was browsing its site. The only information
available was from the IP address. Now, with a capability file like
?caps.txt?, there is a fingerprint. Without to be paranoiac, everybody
heard of web sites serving contents (or refusing to serve!) according
the software or the system that the client have. That will happen for
the Gopher space too!
As caps.txt is server side, I fail to how it relates to servering data to
a client, the server has no ideer what its talking to, unlike useragent
string in http world.
<snip>
A capability file offers interesting informations about the Gopher
server software version that you run and its hardware. Knowing the
version of the capability file, the version of the software of the
server, it is easy to deduce how much the administrator is lazy or
incompetent.
That is the typical snakeoil security argument, you must not tell people
what you are running, and then disregarding ability of tcp/ip finger
printing from nmap and co.
Hell even without that there are only so many gopher servers out there,
and they all have more or less identifyable features.
You can find, in a capability file, private informations provided
by its unadvised administrator like the geographical position of its
server. So, if somebody claims that you are serving a file under a
copyright that you don't hold, knowing the city where the server runs,
he can easily find the door of the competent justice court. If you do
not provide that kind of information, jurists will have to ask to the
Internet provider who are you according your IP address (supposing
your domain name is kept in anonymity). It takes time and they need to
have strong motivation to do that.
Camerons proposal is a simple file, it doesnt magicly out of the blue gets
the infomation , its infomation that you as an admin either have to enter
into a file yourself, or in the case of gophernicus you can let it
generate it automatical, again only with infomation you supply it.
Descript, admin and geolocation is optional fields.
But even without that geolocation field, unless you happen to run your
server over a tor network, it aint terrible hard this days to figure out
where in the world a ip is based.
Providing a precise resource at a root Gopher server, like a well
known capability file, makes this server vulnerable to a massive
attack. Until to day, if a Gopher server is flooded by requests, it
just have either to display a root menu file (gophermap) or an error
message. The other resources can stand on other severs: thanks to
Gopher protocol to be a distributed system! If you provide a
capability file, your server must have to reply the full content of
this additional file requested. You can tell me that is the the same
with a resource that doesn't exist: server replies with a short
message of one line. But, for a capability file, the reply is much
more long than an error message. And do not forget that: next year,
you will have to play with 10 flavors of capability files!
Again the caps file is just a file, Gopherd servers can chose to implement
it as special case or just as a hardcoded file. So nothing changes there.
You are advised, now. Have fun!
I have nothing but fun.
Regards
--
Jacob Dahl Pind | telefisk.org | fidonet 2:230/38.8
_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/gopher-project
Reply to: