Re: Gopher over TLS
Greetings.
On Sun, 21 Jan 2018 22:24:45 +0100 Alex Schröder <kensanata@gmail.com> wrote:
> I've recently added a Gopher interface to my wiki at alexschroeder.ch. As
> an experiment, I added TLS support to the server and added it to a client,
> too. The client I picked was the simple VF-1 client written in Python.
> Basically it has two modes: TLS mode and normal mode. In normal mode, all
> connections are considered to be normal; in TLS mode all connections are
> considered to be encrypted. I get the feeling that this is better and more
> obvious than having gopher and gophers URL schemas, and figuring out how to
> integrate SSL into existing Gopher menus.
> What do you think?
Your proposal is: Switch over the whole gopherspace to TLS at once. This
removes an easy way to transition between encrypted and unencrypted
gopherspace and may create a split.
From the last discussions on how to add TLS to gopher:
* proposal to have a separate port
* proposal to have gophers://
* everyone agreed on this one
* I proposed to sniff on port 70 for the first bytes to be TLS, so no new port
is needed.
* I proposed to simply use tor, which adds encryption (onion services) and
anonymity without any extra software.
We did not get as far as discussing how to apply TLS to the menus.
With a new port assigned we would either only have TLS on that specific
port or reuse gopher+ for some TLS logic. If my sniffing proposal is
applied the client could first try TLS, then plain gopher. If tor is used,
nothing of the above is needed.
For now no need was there to move any content over to any TLS solution.
Instead I have worked on promoting onion services for everyone. This
also reduces the burden for implementing TLS in clients. Have you ever
tried using the openssl API?
Which path do _you_ choose?
Sincerely,
Christoph Lohmann
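The port-70 sniffing idea mentioned in the message above, sketched server-side as an added example that is not part of the original post or of any gopher server's code. The function names, the timeout and the sample bytes are assumptions made for illustration; wrapping the socket in TLS after a "tls" verdict is left out because it needs a certificate.

```python
import socket
import time

# Added illustration; all names here are hypothetical, not from a real server.
TLS_HANDSHAKE = 0x16   # TLS record content type: handshake
CLIENT_HELLO = 0x01    # handshake message type: ClientHello


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'gopher' or 'need_more' for the first bytes received."""
    # A TLS connection opens with a record header: type, version (2 bytes),
    # length (2 bytes), then the handshake type. Reject on the first misfit,
    # so a selector such as b"\x16\r\n" is not mistaken for a slow TLS client.
    if len(data) >= 1 and data[0] != TLS_HANDSHAKE:
        return "gopher"
    if len(data) >= 2 and data[1] != 0x03:
        return "gopher"
    if len(data) >= 3 and data[2] > 0x04:
        return "gopher"
    if len(data) >= 5 and not 4 <= int.from_bytes(data[3:5], "big") <= 16384:
        return "gopher"
    if len(data) >= 6:
        return "tls" if data[5] == CLIENT_HELLO else "gopher"
    return "need_more"


def sniff(conn: socket.socket, timeout: float = 5.0) -> str:
    """Peek at a connection without consuming bytes, so the chosen handler
    (a TLS wrapper or the plain gopher code) still sees the full stream."""
    deadline = time.monotonic() + timeout
    conn.settimeout(timeout)
    try:
        while time.monotonic() < deadline:
            data = conn.recv(6, socket.MSG_PEEK)
            if not data:                 # peer closed before sending anything
                return "gopher"
            verdict = classify_first_bytes(data)
            if verdict != "need_more":
                return verdict
            time.sleep(0.01)             # partial header: wait for more bytes
    except socket.timeout:
        pass
    return "gopher"                      # slow or silent client: treat as plain


if __name__ == "__main__":
    # Constructed samples: a gopher selector and the start of a ClientHello.
    for sample in (b"/wiki/index\r\n", bytes.fromhex("160301020001")):
        client, server = socket.socketpair()
        client.sendall(sample)
        print(sample[:6], "->", sniff(server))
        client.close(); server.close()
```

Falling back to plain gopher on timeout means an unencrypted client is never locked out, which is the transition property the message asks for; a client that wants encryption still has to refuse the fallback on its own side.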