[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Gopher over TLS

I like the idea of using a simpler encryption. A huge advantage of Gopher is that a server can be set up in a few lines of code.

@klez sent a XKCD with the current stiuation.
If that's the case would anyone be interested in co-authoring an RFC?
I personally never wrote an RFC. The only standardization document I wrote was BIP 179.
Having a RFC is the first steps for a general standardization.


Am 14.03.20 um 13:06 schrieb Ciprian Dorin Craciun:
On Sat, Mar 14, 2020 at 1:36 PM Emil Engler <me@emilengler.com> wrote:
Hi, I thought about writing a standard for a secure Gopher protocol
(short gophers).
Have there been any proposals for this yet and what's the general
consensus about this on this ML

Side-note:  Apparently there is a new ("competing") protocol that is
being developed by a group of Gopher enthusiast named Gemini, which
basically adds MIME support, uses a Markdown-based syntax instead of
Gopher maps and uses TLS by default.


In that context, I made the proposal of replacing TLS with a simpler
NaCL / libsodium alternative.  And by "simpler" I mean that given one
has access to `libsodium`, or is able to copy-paste the 4
cryptographic primitives (basically XSalsa20, Poly1305, Ed25519 and
Curve25519), one should be able to implement this in a few lines of

Fortunately, that proposal (given it has nothing tied or specific to
Gemini) can be re-used for Gopher (or any other message based

Bellow is the thread and my proof-of-concept Python-based
implementation, together with a diagram, analysis and description:

* proposal document --
* proof-of-concept code --
* mailing list thread --

(Full disclaimer:  I am not a cryptographer;  I am aware of "not
implementing your own crypto";  I have not "invented" new
cryptographic primitives but instead reused existing ones the way they
were meant;  I have studied the Noise Protocol a few other proposals;
and tried my best.  See the thread for a lengthy take on this.)

(If there are any cryptographers out there, please take a look if you
want.  Thanks!)

Hope this is useful,

Reply to: