Re: Gopher over TLS


On 2021-12-06 10:18, Sean Conner wrote:

It was thus said that the Great Mateusz Viste once stated:

2. advertising TLS through CAPS. First, a gopher client fetches the CAPS
(over plain text), and then it may switch to TLS queries if it sees TLS
being okay'ed in CAPS.

  The reason I didn't mention them is that I didn't even think of those
solutions.  Just trying to find a definitive specification for the CAPS file
has been challenging (and I've not found one yet).  Both of these ideas are
much better than what's going on right now.


Of course the reason for TLS is (to state the obvious) that someone in between might read or even modify the data the client gets. If we assume a man-in-the-middle then the TLS option would be taken out of the CAPS response, which is why this may not work reliably.

I don't like the Gemini approach because it *forces* admins to go TLS and I expect that we will see a lot of broken certificates in Gemini-space in a few years.

However, I also thought about adding optional TLS to my client but I haven't looked at any details so far. From your discussion I understand that there is no easy way to probe for TLS, right?
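Added example, not part of the original message or of any gopher project: a sketch of the downgrade described above, where a CAPS response fetched over plain text has its TLS entry removed in transit. The `TlsPort` key, the CAPS layout (a `CAPS` line followed by `key=value` lines) and the remembered-host check are assumptions made for illustration; the last of these goes beyond what the thread discusses.

```python
# "TlsPort" is a hypothetical CAPS key; no CAPS specification is cited on this page.
CAPS_KEY = "TlsPort"

# Constructed sample: a CAPS response as the server would send it over plain text.
SERVER_CAPS = "CAPS\nCapsVersion=1\nServerSoftware=example\nTlsPort=7443\n"


def parse_caps(text):
    """Parse key=value lines; return {} if the leading CAPS line is missing."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "CAPS":
        return {}
    caps = {}
    for line in lines[1:]:
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        caps[key.strip()] = value.strip()
    return caps


def strip_tls(text):
    """Model of the tampered response: the TLS line is dropped, the rest is intact."""
    return "".join(
        line for line in text.splitlines(keepends=True)
        if not line.startswith(CAPS_KEY + "=")
    )


def choose_transport(host, caps_text, seen_tls):
    """Pick a transport for host from a CAPS response received over plain text.

    seen_tls maps host -> TLS port remembered from earlier visits.
    Returns ("tls", port), ("plain", None) or ("downgrade-suspected", port).
    """
    port = parse_caps(caps_text).get(CAPS_KEY)
    if port and port.isdigit():
        seen_tls[host] = int(port)           # remember that this host offered TLS
        return ("tls", int(port))
    if host in seen_tls:
        # TLS was advertised before and is now absent: do not fall back silently.
        return ("downgrade-suspected", seen_tls[host])
    # First contact without a TLS entry: indistinguishable from a stripped response.
    return ("plain", None)
```

On a first visit the stripped response yields `("plain", None)`, exactly as a server without TLS would, which is the unreliability the message points out; only a host that was previously seen offering TLS can be flagged.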


