
Re: [gopher] Gophernicus 2.4 "Millennium Edition" released



Hi all,

While I'm not interested in TLS support myself (truly don't see the 
point), I am wondering... why are you trying to imagine a STARTTLS-like 
mechanism that hard, or inserting weird stuff into menus, instead of 
relying on a non-invasive method of achieving the same result? I'm afraid 
that fiddling in *any* way with legacy gopher clients/servers is 
dangerous, and will lead to side effects.

My proposition would be: leave the gopher protocol alone as it is. If you 
really feel the need for gopher-over-ssl - sure, why not, but it needs to 
be on a dedicated port, and the SSL client would need to actively look 
for it through a specialized DNS query.

An SSL-enabled client would need to try resolving the TXT record attached 
to the server's hostname. If found, it would scan it. If the TXT record 
would contain something like this...

  IN TXT      "GTLS:433"

...it would know that it's possible to connect to the same host on port 
TCP/433 and expect an SSL layer there, and automatically switch the url 
to gophers://hostname:433

This way, there is no risk of breaking any legacy code. The downside is 
that you can't run several gopher-ssl instances on a single IP with 
different ports - not sure that's much of a constraint, though. If 
really bored, one could extend the concept to such atrocities:

  IN TXT      "GTLS70:433 GTLS71:434 GTLS72:435 ..."

Meaning "for the gopher resources published on port 70 of this server, 
look at SSL port 433, for resources under port 71, look at SSL/434, etc".

An additional benefit of this solution is that the protocol itself 
doesn't change at all - I only add an SSL layer on top of it. This means 
that any existing gopher server would be able to serve SSL content - it 
only requires putting an SSL proxy in front of it (stunnel from M. 
Trojnara comes to mind immediately, but alternatives exist as well). 
Also, any existing gopher client would be able to talk to an SSL server, 
if only passed through an SSL wrapper.

Mateusz
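The client-side discovery step proposed above (resolve the host's TXT record, look for `GTLS:<port>` or the per-port `GTLS70:433 GTLS71:434 ...` form, and rewrite the URL to `gophers://host:<port>`), written out as an added example. This is not code from the post or from Gophernicus; the function names `parse_gtls` and `upgrade_url` are hypothetical, the TXT syntax is taken as the post proposes it, and the DNS lookup is replaced by a constructed in-memory table so the script runs offline. Any real client would still have to validate the server certificate against the hostname after connecting: the TXT record only says where to look, it authenticates nothing by itself.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample TXT answers keyed by hostname (stand-in for a real DNS
# lookup; not real records). Unrelated TXT strings such as SPF are mixed in
# to show that they are ignored.
FAKE_TXT = {
    "plain.example": ['GTLS:433'],
    "multi.example": ['GTLS70:433 GTLS71:434 GTLS72:435', 'v=spf1 -all'],
    "none.example":  ['v=spf1 -all'],
}

# A token is "GTLS:<tlsport>" (applies to the default plain port) or
# "GTLS<plainport>:<tlsport>" (applies to that specific plain port).
_TOKEN = re.compile(r'^GTLS(\d*):(\d+)$')


def parse_gtls(txt_records, default_port=70):
    """Return {plain_port: tls_port} from a list of TXT strings.

    Tokens that do not match the syntax or carry an out-of-range port are
    skipped; the first mapping seen for a plain port wins.
    """
    mapping = {}
    for record in txt_records:
        for token in record.split():
            m = _TOKEN.match(token)
            if not m:
                continue
            plain = int(m.group(1)) if m.group(1) else default_port
            tls = int(m.group(2))
            if not 1 <= tls <= 65535:
                continue
            mapping.setdefault(plain, tls)
    return mapping


def lookup_txt(host):
    """Hypothetical resolver hook; a real client would query DNS here."""
    return FAKE_TXT.get(host, [])


def upgrade_url(url, resolver=lookup_txt):
    """Rewrite a gopher:// URL to gophers:// if the host advertises a TLS port
    for the plain port the URL uses; otherwise return the URL unchanged."""
    parts = urlsplit(url)
    if parts.scheme != "gopher" or not parts.hostname:
        return url
    host = parts.hostname
    plain_port = parts.port or 70
    tls_port = parse_gtls(resolver(host)).get(plain_port)
    if tls_port is None:
        return url
    # Re-bracket IPv6 literals, which urlsplit strips from .hostname.
    netloc_host = f"[{host}]" if ":" in host else host
    return urlunsplit(("gophers", f"{netloc_host}:{tls_port}",
                       parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    for u in ("gopher://plain.example/1/foo",
              "gopher://multi.example:71/0/doc",
              "gopher://multi.example/1",
              "gopher://none.example/1"):
        print(f"{u} -> {upgrade_url(u)}")
```

Because the single-port form `GTLS:433` only describes the default port, a URL that names another plain port on the same host is left alone rather than guessed at; the per-port form is what covers multiple listeners on one IP.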


_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/gopher-project
