Re: Gopher over TLS

To: gopher-project@other.debian.org
Subject: Re: Gopher over TLS
From: Sean Conner <sean@conman.org>
Date: Mon, 11 May 2020 23:41:17 -0400
Message-id: <[🔎] 20200512034117.GN7305@brevard.conman.org>
In-reply-to: <CADVGGb-w4Q8EyHtikBUG135KA=mUbL=S+ZTNBhr4Z3uhL4Mkwg@mail.gmail.com>
References: <f2faa4a5-749a-8e99-f24f-fad3dd9d8e77@emilengler.com> <CADVGGb-w4Q8EyHtikBUG135KA=mUbL=S+ZTNBhr4Z3uhL4Mkwg@mail.gmail.com>

It was thus said that the Great Sebastiaan Deckers once stated:
> FWIW, I drafted a spec of Gopher over TLS. Published the server and client
> libraries and deployed them in production.
> 
> https://gitlab.com/commonshost/goth#gopher-over-tls-got-protocol

  Not bad, I like it.  I also would *love* if the existing clients that
attempt TLS over gopher would follow this bit:


	If the TCP/IP socket was successful but the attempt fails without
	receiving a ServerHello message, a GoT client may attempt to connect
	without TLS, treating the connection as plaintext Gopher. This
	failure may be cached for as long as the server's DNS records are
	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
	valid.
	^^^^^

There's at least one client out there (I think it's a web-to-gopher proxy)
that attempts to ust TLS *every damn time* it makes a request and frankly,
I'm close to just outright blocking that IP address.  Once a day (the
current TTL for 'gopher.conman.org') isn't bad, but *every single time* is
just rude (in my opinion).

  -spc (My other pet peeve of gopher clients is the notion that every
	selector starts with a '/' ... )

Reply to:

Follow-Ups:
- Re: Gopher over TLS
  - From: Emil Engler <me@emilengler.com>
- Re: Gopher over TLS
  - From: Sebastiaan Deckers <sebdeckers83@gmail.com>

Prev by Date: Re: Help with a demo
Next by Date: Re: Gopher over TLS
Previous by thread: Re: Help with a demo
Next by thread: Re: Gopher over TLS
Index(es):
- Date
- Thread