[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of Gopher and TLS?

Thanks for the response guys. I won't waste my time and effort.

Kind regards


-- James Mills / prologic

Join Yarn.social today! The only decentralised social media that respects your privacy and freedoms!

E:    prologic@shortcircuit.net.au

On Tue, Oct 25, 2022 at 10:45 PM Josuah Demangeon <me@josuah.net> wrote:
Mateusz Viste <mateusz@viste.fr> wrote:
> On 25/10/2022 11:53, barana . wrote:
> >   when you upgrade servers so that people who browse with low h.p.
> > devices are locked out....
> > (...)
> > gopher servers leave behind the only clients that gopher effectively
> > serves.... kinda pointless.
> Wholeheartedly agree. Gopher is a technology from the early 90s. Runs
> great on my 8086, and that's what makes it valuable: it's dead simple,
> lightweight and has been around for a long time.
> Adding complexity to such a protocol is nonsense, it can only lead to
> fragmentation of an already very sparse* community.

The clients should not need a patch to access the various gopher servers.

I think it was added because the trick to allow TLS on same port (peek at
the first byte before really reading it) was simple and easy to implement
server-side and has no consequence client-side (not breaking TCP-only).

> If one wants to play with "modern security", then there is a lot of far
> more interesting options, like gnunet, ipfs, tor, etc. No need to
> fracture good old Gopher with some broken TLS abomination.

TLS certificates authorities only help to secure people on Starbuck's WiFi
doing online payment. Not something to put into Gopher!

Good to remember the mistakes of the past^Wpresent.
And gopher with TLS still need some strateg for trusting certificates.

Maybe trust on first use is good? A bit like SSH?

> *as of today, the Observable Gopherspace Universe Project reports a mere
> 306 operational servers.

These numbers confirm that maintaining compatibility is necessary.

Reply to: