
Re: TLS in Gopher



On 28 Feb 2018, at 10.14, Iain R. Learmonth <irl@fsfe.org> wrote:
> 
> 
> You could always have a TLS wrapper that is also happy to not do TLS.

True, although I don't know of any such existing wrapper. Also, as stated in RFC 3207, STARTTLS is less secure than a dedicated port: an attacker can always strip the STARTTLS, while a dedicated port either connects securely or doesn't connect at all.

Since gopher hardcodes both server names and port numbers (all links are absolute), adding TLS is a pain without breaking the protocol. I know, I've been researching this for a couple of years now. STARTTLS is the easiest, as it doesn't break the protocol, but it's also no more secure than current plaintext connections, while adding huge libraries to currently very simple servers.


- Kim

> This would allow clients to perform TLS if they wish, or not, and all on
> the same port without complicating any codebases.
> 
> Thanks,
> Iain.
> 


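Added example, not code from this thread nor from any gopher server or client: a small in-memory model of the two designs discussed above, runnable offline. The first part models the STARTTLS-style upgrade on the plaintext port and shows how an on-path attacker strips the offer (the RFC 3207 concern Kim raises), with the outcome depending entirely on whether the client refuses to continue in the clear. The second part is the single-port wrapper Iain suggests, serving TLS and plaintext gopher on one port by peeking at the first byte with MSG_PEEK (a TLS ClientHello record starts with the handshake content type 0x16, which never begins a gopher selector). No real TLS handshake runs; the ClientHello, the gopher request and the "STARTTLS" capability line are constructed here for illustration, and the capability line is a hypothetical extension, not a real gopher one.

```python
# Added example (not code from this thread or from any gopher implementation).
# Models: (1) a STARTTLS-style upgrade on the plaintext port and its stripping,
#         (2) a single-port wrapper that accepts TLS or plaintext gopher by
#             peeking at the first byte without consuming it.
# No real TLS handshake runs; inputs below are constructed byte strings.
import re
import socket

TLS_HANDSHAKE_RECORD = 0x16  # TLS record content type "handshake"; a ClientHello record starts with it

# --- 1. STARTTLS-style upgrade advertised on the plaintext port --------------

def strip_starttls(server_greeting: bytes) -> bytes:
    """What an on-path attacker does: delete the upgrade offer before the client sees it."""
    return re.sub(rb"STARTTLS\r\n", b"", server_greeting)

def starttls_session(client_requires_tls: bool, attacker_on_path: bool) -> str:
    """Returns 'tls', 'plaintext' or 'aborted'.
    The 'STARTTLS' capability line is hypothetical, used only to model the negotiation."""
    greeting = b"STARTTLS\r\n"            # server advertises the optional upgrade
    if attacker_on_path:
        greeting = strip_starttls(greeting)
    if b"STARTTLS" in greeting:
        return "tls"                      # client sends STARTTLS and the handshake follows
    if client_requires_tls:
        return "aborted"                  # strict client refuses to continue in the clear
    return "plaintext"                    # opportunistic client silently downgrades

# --- 2. One port, TLS or plaintext: peek at the first byte -------------------

def handle_connection(conn: socket.socket) -> tuple:
    """Single-port wrapper. MSG_PEEK returns the first byte without removing it from
    the socket buffer, so the untouched stream can then be handed either to a TLS
    layer (ssl_ctx.wrap_socket(conn, server_side=True) in a real server) or to the
    plain gopher handler. Returns (protocol, payload) so the hand-off can be checked."""
    conn.settimeout(2)
    first = conn.recv(1, socket.MSG_PEEK)
    if not first:
        return "closed", b""
    if first[0] == TLS_HANDSHAKE_RECORD:
        # TLS hand-off point; here the record is read back whole to show it is intact.
        return "tls", conn.recv(4096)
    # Plain gopher: the request is a selector (possibly empty) terminated by CR-LF.
    line = b""
    while not line.endswith(b"\r\n"):
        chunk = conn.recv(1)
        if not chunk:
            break
        line += chunk
    return "gopher", line.rstrip(b"\r\n")

def demo(client_bytes: bytes) -> tuple:
    """Run handle_connection against a constructed client message over a socketpair."""
    client, server = socket.socketpair()
    try:
        client.sendall(client_bytes)
        client.shutdown(socket.SHUT_WR)
        return handle_connection(server)
    finally:
        client.close()
        server.close()

# Constructed inputs: a minimal TLS record (handshake type, record version 3.1,
# 5-byte body whose first byte 0x01 is the ClientHello handshake type) and a
# plain gopher selector request.
CLIENT_HELLO = b"\x16\x03\x01\x00\x05" + b"\x01\x00\x00\x01\x00"
GOPHER_REQUEST = b"/about.txt\r\n"

if __name__ == "__main__":
    print(demo(CLIENT_HELLO))      # ('tls', b'\x16\x03\x01\x00\x05\x01\x00\x00\x01\x00')
    print(demo(GOPHER_REQUEST))    # ('gopher', b'/about.txt')
    for strict in (False, True):
        label = "strict client" if strict else "opportunistic client"
        print("STARTTLS stripped,", label + ":", starttls_session(strict, attacker_on_path=True))
```

The contrast in part 1 is the whole argument: with the offer stripped, an opportunistic client ends up in plaintext and a strict client gets nothing, so the upgrade only buys security if the client already insists on TLS, at which point a dedicated TLS port gives the same result without the extra negotiation. Part 2 shows that the single-port wrapper does not need any in-band negotiation at all: the client's first byte decides, and the peeked byte is still in the buffer when the socket is handed to the TLS layer or the gopher handler.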