Re: TLS in Gopher

To: gopher-project@other.debian.org
Subject: Re: TLS in Gopher
From: "Iain R. Learmonth" <irl@fsfe.org>
Date: Fri, 2 Mar 2018 08:19:59 +0000
Message-id: <[🔎] 136e7456-8947-2c02-b383-d832eccbd039@fsfe.org>
In-reply-to: <[🔎] 20180302-080904.541.0@Matt-Owenx-Jaruzelx.news.gmane.org>
References: <20180227184429.E928210539584@r-36.net> <[🔎] 20180302-080904.541.0@Matt-Owenx-Jaruzelx.news.gmane.org>

Hi,

On 02/03/18 08:09, Matt Owen (Jaruzel) wrote:
> Why are we not just following how the introduction of https did it ?
> 
> 1. TLS enabled gopher links are prefixed by gophers:// 

This is the mistake that was made with HTTP that we can avoid. This made
TLS support a special case, meant everyone changing URLs all over the
place, and a whole load of other problems. It implies that Gopher with
TLS is a separate protocol. You're still using the Gopher protocol just
that now it's running over TLS instead of directly over TCP.

HTTP did not repeat this mistake when they started to deploy QUIC+DTLS.
They didn't decide to have http+quic:// URLs, they reused the https://.

> 2. gophers:// links are used in the gophermap file, and shared elsewhere 
> in the same manner https:// links are. If the connection to that server 
> is already TLS, then it is assumed that all local links in the gophermap 
> file that start with a '/' are also TLS.

gophermap doesn't use URLs, it has a host/port combination and a
selector. You literally cannot encode gophers:// in a gophermap unless
you're going to introduce a whole load of new item types, which is not
what item types are for.

> 3. Gopher clients are updated to understand that gophers:// is TLS and on 
> a default port of 7443 if no discrete port is specified in the link.

Instead, how about gopher clients are updated to assume all servers
support TLS unless they see evidence to the contrary? I have previously
described a ridiculously simple method for multiplexing TLS and non-TLS
on the same port (using MSG_PEEK).

> When https was introduced, there wasn't any fancy way of letting older 
> browsers downgrade the connection - it just wasn't supported. If users 
> wanted to access https, then they had to upgrade their browsers. I don't 
> see why supporting TLS in gopherspace should be any different.

There was. You use http:// instead. It was entirely supported and still
is to this day. To this day you're still connecting with HTTP first and
then getting a redirect to HTTPS. You really want to recreate that for
Gopher?

Thanks,
Iain.

Reply to:

Follow-Ups:
- Re: TLS in Gopher
  - From: netpassport89@sdf.org

References:
- Re: TLS in Gopher
  - From: "Matt Owen (Jaruzel)" <jaruzel@jaruzel.com>

Prev by Date: Re: TLS in Gopher
Next by Date: Re: TLS in Gopher
Previous by thread: Re: TLS in Gopher
Next by thread: Re: TLS in Gopher
Index(es):
- Date
- Thread