Re: TLS in Gopher

To: gopher-project@other.debian.org
Subject: Re: TLS in Gopher
From: Alex Schroeder <kensanata@gmail.com>
Date: Thu, 01 Mar 2018 08:18:04 +0100
Message-id: <[🔎] 87zi3s4637.fsf@gmail.com>
In-reply-to: <[🔎] 102e3fd8-6d26-b5bf-75cb-9b50c825062e@fsfe.org> (Iain R. Learmonth's message of "Thu, 1 Mar 2018 05:26:11 +0000")
References: <20180227184429.E928210539584@r-36.net> <201802280205.w1S25Dxb6684768@floodgap.com> <20180228201924.B5196105395B5@r-36.net> <[🔎] 102e3fd8-6d26-b5bf-75cb-9b50c825062e@fsfe.org>

"Iain R. Learmonth" <irl@fsfe.org> writes:

> Gopher menus do not use URLs so it's impossible to link to such a
> resource. It also creates a division between "secure" and "insecure"
> gopherspace where resources are not the same as they have different
> URLs.

Personally, that has two benefits:

First, old clients can use the old resources and follow the old links
without a problem. 100% backwards compatibility.

Second, implementation of clients and servers is simple because
programming languages provide libraries that offer secured or unsecured
connections.

There are two drawbacks:

The first is that Gopher clients will now either have to offer users an
explicit "mode" (will attempt all connections using either TLS or no
TLS, which is what I chose to implement for the client VF-1), or do
their own "sniffing" by attempting to connect using either TLS and then
trying no TLS after informing the user or checking their cache. Granted,
that means we don't have 100% interoperability as old clients cannot
follow links to secured resources.

The second is that secure and insecure sites live in separate spaces,
secure content and insecure content have different URLs. To me, this is
simply a minor annoyance. I haven't run into an actual problem with
this. When I share the link to an insecure resource with somebody who
has a newer Gopher client that can use TLS, it will use an insecure
connection because that's what the URL says. This appears to be
drawback? I can live with it.

Server side sniffing is technically interesting, but not well supported
by the sort of scripting languages that make implementing Gopher servers
so trivially easy. I'm familiar with Emacs Lisp, Python and Perl because
I worked on Gopher clients and servers using those three and I used
gnutls-cli for testing on the command line, and none of these offered
libraries with the kind of abilities described. Writing a Gopher server
would end up being non-trivial. This I find much harder to accept.

Perhaps I'm wrong and it is in fact trivially easy? Can somebody post
some sample code, a few lines maybe, illustrating how it would work in a
simple Gopher server?

Cheers
Alex
-- 
Public Key Fingerprint = DF94 46EB 7B78 4638 7CCC  018B C78C A29B ACEC FEAE

Reply to:

Follow-Ups:
- Re: TLS in Gopher
  - From: "Iain R. Learmonth" <irl@fsfe.org>

References:
- Re: TLS in Gopher
  - From: "Iain R. Learmonth" <irl@fsfe.org>

Prev by Date: Re: TLS in Gopher
Next by Date: Re: TLS in Gopher
Previous by thread: Re: TLS in Gopher
Next by thread: Re: TLS in Gopher
Index(es):
- Date
- Thread