Re: Gopher TLS support in curl

To: gopher-project@other.debian.org
Subject: Re: Gopher TLS support in curl
From: Cameron Kaiser <spectre@floodgap.com>
Date: Mon, 21 Dec 2020 14:50:59 -0800 (PST)
Message-id: <[🔎] 202012212250.0BLMoxDk17170616@floodgap.com>
In-reply-to: <[🔎] 87v9cv5a86.fsf@complete.org> from John Goerzen at "Dec 21, 20 11:40:09 am"

> > Geomyidae uses  a simple  probing, which can  be easily 
> > implemented in
> > every server.
> >
> > 	if (recv(sock, &byte0, 1, MSG_PEEK) < )
> > 		return 1;
> >
> > 	if (byte0 == 0x16) {
> > 		do_tls();
> > 	}
> 
> That is a FANTASTIC trick!  Actually it could be expanded to 
> simply do plaintext for a non-TLS-capable client.  I personally 
> would prefer that, if only because I still want to use UMN gopher 
> client sometimes.  There is something about its lovely 90s feel...

I still don't understand how this can be protected against downgrade
attacks. A malicious MITM could simply ensure that the TLS trigger byte
was never communicated (race the packet, etc.) and both client and server
would then assume the connection isn't TLS.

Not a high risk, but if the end goal is security ...

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckaiser@floodgap.com
-- The only thing to fear is fearlessness -- R. E. M. -------------------------

Reply to:

Follow-Ups:
- Re: Gopher TLS support in curl
  - From: John Goerzen <jgoerzen@complete.org>
- Re: Gopher TLS support in curl
  - From: Kacper Gutowski <mwgamera@gmail.com>

References:
- Re: Gopher TLS support in curl
  - From: John Goerzen <jgoerzen@complete.org>

Prev by Date: Re: Gopher TLS support in curl
Next by Date: Re: Gopher TLS support in curl
Previous by thread: Re: Gopher TLS support in curl
Next by thread: Re: Gopher TLS support in curl
Index(es):
- Date
- Thread