RANT follows: And it's Just my opinion, but if your offended stop
If you are publishing something to the PUBLIC what they heck do
you need TLS for?
TLS is for VPN's... not for GOPHERS. Certificates were created
not to secure traffic but to reliably identify both ends of the
transaction. While you think your traffic is secure it's the meta
data that is really important. It's not what's being said that is
important, it's who's talking to who.
If you want to share files and info privately and securely then
set up a private encrypted network.
But quite frankly, since SSL was cracked decades ago I'm not sure why all this even matters
And just so we don't get in a religious discussion about AES256....
Here's what happens every day with SSL.
Put a blind transparent proxy in the middle. Put up a fake SSL certificate, Or copy a real one.
Make the certificate provider validate your fake cert. If that doesn't get you started down the path
to what is happening daily then you should just go back to sleep and trust that your banking transactions are secure...
Banks are secured by Insurance not by software. Industry
standard is to keep law suits at bay not to protect you.
The appearance of protection is a marketing gimmick nothing more. And real hacking is usually an inside job.
What is the biggest challenge? Is it actually stealing something? No it's covering your tracks.
Getting in is EASY... getting out clean is where the real game is played....
AND finally, (I know this is very old and there have been "patches and revisions")
http://pauillac.inria.fr/~doligez/ssl/ (but hackers are better than 1995 too...Just sayin)
If you want something private don't publish it on the internet.
Let gophers be gophers and https be https. Don't fix something that ain't broke.
That's my opinion nothing more nothing less and it's just an opinion.
Hey guys and gals,
Long time since I posted to this mailing list. Obviously I don't use Gopher much (but do maintain a go-gopher library for the Go programming language, a HTTP -> Gopher proxy and Desktop client 😅)
Question for the community:
What is the state of Gopher and TLS these days?