Re: [gopher] Gophernicus 2.4 "Millennium Edition" released
Hi all,
While I'm not interested in TLS support myself (truly don't see the
point), I am wondering... why are you trying to imagine a STARTTLS-like
mechanism that hard, or inserting weird stuff into menus, instead of
relying on a non-invasive method of achieving the same result? I'm afraid
that fiddling in *any* way with legacy gopher clients/servers is
dangerous, and will lead to side effects.
My proposition would be: leave the gopher protocol alone as it is. If you
really feel the need for gopher-over-ssl - sure, why not, but it needs to
be on a dedicated port, and the SSL client would need to actively look
for it through a specialized DNS query.
An SSL-enabled client would need to try resolving the TXT record attached
to the server's hostname. If found, it would scan it. If the TXT record
would contain something like this...
IN TXT "GTLS:433"
...it would know that it's possible to connect to the same host on port
TCP/433 and expect an SSL layer there, and automatically switch the url
to gophers://hostname:433
This way, there is no risk of breaking any legacy code. The downside is
that you can't run several gopher-ssl instances on a single IP with
different ports - not sure that's much of a constraint, though. If
really bored, one could extend the concept to such atrocities:
IN TXT "GTLS70:433 GTLS71:434 GTLS72:435 ..."
Meaning "for the gopher resources published on port 70 of this server,
look at SSL port 433, for resources under port 71, look at SSL/434, etc".
An additional benefit of this solution is that the protocol itself
doesn't change at all - I only add an SSL layer on top of it. This means
that any existing gopher server would be able to serve SSL content - it
only requires putting an SSL proxy in front of it (stunnel from M.
Trojnara comes to mind immediately, but alternatives exist as well).
Also, any existing gopher client would be able to talk to an SSL server,
if only passed through an SSL wrapper.
Mateusz
_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/gopher-project
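
The TXT-record scheme proposed in the message above, as an added Python example that is not part of the original post or of any gopher client: it parses the `GTLS:433` and `GTLS70:433 ...` forms and rewrites the URL to `gophers://`. Assumptions: the bare `GTLS:` form is treated as a default for any plain port without its own entry, the first mapping for a port wins, and the function names and sample records are constructed for illustration.

```python
import re

# Token grammar taken from the message: "GTLS:433" or "GTLS70:433".
_TOKEN = re.compile(r"GTLS(\d{1,5})?:(\d{1,5})", re.ASCII)

# Constructed sample: TXT strings as a resolver would return them,
# mixed with unrelated data and two out-of-range tokens.
SAMPLE_TXT = ["v=spf1 -all", "GTLS70:433 GTLS71:434 GTLS99999:1 GTLS:0"]


def _valid_port(text):
    """Return the port as int, or None when outside 1..65535."""
    port = int(text)
    return port if 1 <= port <= 65535 else None


def parse_gtls(txt_strings):
    """Return {plain_port or None: tls_port}; key None is the bare default."""
    mapping = {}
    for txt in txt_strings:
        for token in txt.split():
            m = _TOKEN.fullmatch(token)
            if not m:
                continue  # unrelated TXT data or a malformed token
            plain = _valid_port(m.group(1)) if m.group(1) else None
            tls = _valid_port(m.group(2))
            if tls is None or (m.group(1) and plain is None):
                continue  # port out of range: ignore this token only
            mapping.setdefault(plain, tls)  # assumption: first mapping wins
    return mapping


def upgrade_url(host, plain_port, txt_strings):
    """Rewrite to gophers:// when the records advertise a TLS port.

    The TXT answer is only as trustworthy as the DNS path: without DNSSEC
    validation, a stripped or forged record silently yields the plaintext
    URL, so a client may want to remember hosts that advertised TLS before.
    """
    mapping = parse_gtls(txt_strings)
    tls = mapping.get(plain_port, mapping.get(None))
    if tls is None:
        return f"gopher://{host}:{plain_port}"
    return f"gophers://{host}:{tls}"
```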