
Re: Gopher over TLS



Hello,

On 2021-12-06 10:18, Sean Conner wrote:

> It was thus said that the Great Mateusz Viste once stated:
>
> > 2. advertising TLS through CAPS. First, a gopher client fetches the CAPS
> > (over plain text), and then it may switch to TLS queries if it sees TLS
> > being okay'ed in CAPS.
>
>   The reason I didn't mention them is that I didn't even think of those
> solutions.  Just trying to find a definitive specification for the CAPS file
> has been challenging (and I've not found one yet).  Both of these ideas are
> much better than what's going on right now.
>
>   -spc

Of course the reason for TLS is (to state the obvious) that someone in between might read or even modify the data the client gets. If we assume a man-in-the-middle, then the TLS option would be taken out of the CAPS response, which is why this may not work reliably.

I don't like the Gemini approach because it *forces* admins to go TLS and I expect that we will see a lot of broken certificates in Gemini-space in a few years.

However, I also thought of adding optional TLS to my client, but I haven't looked at it in any detail so far. From your discussion I understand that there is no easy way to probe for TLS, right?

Regards,
Wolfgang
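
The downgrade concern raised in this message, as an added Python example that is not part of the thread or of any gopher client: a client that trusts a plaintext CAPS reply cannot tell a stripped TLS line from a server without TLS on first contact, but it can notice the line disappearing later if it remembers earlier advertisements. The `TLSPort` key, the sample CAPS text, the host name and the remembering policy are all assumptions made for illustration, since the thread notes there is no definitive CAPS specification.

```python
# Added illustration. "TLSPort" is a hypothetical CAPS key and the CAPS text
# below is constructed sample data, not taken from a real server.
CAPS_HONEST = "CAPS\nCapsVersion=1\nServerSoftware=example\nTLSPort=7443\n"


def parse_caps(text):
    """Parse key=value lines of a CAPS document; skip comments and blanks."""
    lines = [line.strip() for line in text.splitlines()]
    if not lines or lines[0] != "CAPS":
        return {}
    caps = {}
    for line in lines[1:]:
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        caps[key.strip()] = value.strip()
    return caps


def simulate_stripped_reply(text):
    """Model the plaintext reply after someone in between removed the TLS line."""
    kept = [l for l in text.splitlines(keepends=True)
            if not l.startswith("TLSPort=")]
    return "".join(kept)


def choose_transport(host, caps_text, seen_tls):
    """Return (transport, warning).

    seen_tls maps host -> TLS port advertised on an earlier visit, so a
    missing advertisement can be told apart from "never offered TLS".
    """
    port = parse_caps(caps_text).get("TLSPort")
    if port and port.isdigit():
        seen_tls[host] = int(port)
        return ("tls", None)
    if host in seen_tls:
        # Advertised before, absent now: do not silently fall back to plain.
        return ("refuse",
                f"{host} advertised TLS on port {seen_tls[host]} earlier")
    # First contact without a TLS line: indistinguishable from stripping.
    return ("plain", None)
```

The first-contact case still falls back to plain text, which is exactly the unreliability described above; remembering only narrows the window to the first visit.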

