Hi all,
RANT follows: And it's Just my opinion, but if your offended stop
reading now.
If you are publishing something to the PUBLIC what they heck do
you need TLS for?
TLS is for VPN's... not for GOPHERS. Certificates were created
not to secure traffic but to reliably identify both ends of the
transaction. While you think your traffic is secure it's the meta
data that is really important. It's not what's being said that is
important, it's who's talking to who.
If you want to share files and info privately and securely then
set up a private encrypted network.
But quite frankly, since SSL was cracked decades ago I'm not sure
why all this even matters
And just so we don't get in a religious discussion about
AES256....
Here's what happens every day with SSL.
Put a blind transparent proxy in the middle. Put up a fake SSL
certificate, Or copy a real one.
Make the certificate provider validate your fake cert. If that
doesn't get you started down the path
to what is happening daily then you should just go back to sleep
and trust that your banking transactions are secure...
Banks are secured by Insurance not by software. Industry
standard is to keep law suits at bay not to protect you.
The appearance of protection is a marketing gimmick nothing more.
And real hacking is usually an inside job.
What is the biggest challenge? Is it actually stealing something?
No it's covering your tracks.
Getting in is EASY... getting out clean is where the real game is
played....
AND finally, (I know this is very old and there have been "patches
and revisions")
http://pauillac.inria.fr/~doligez/ssl/ (but hackers are better
than 1995 too...Just sayin)
If you want something private don't publish it on the internet.
Let gophers be gophers and https be https. Don't fix something
that ain't broke.
That's my opinion nothing more nothing less and it's just an
opinion.
S.
Hey guys and gals,
Long time since I posted to this mailing list. Obviously I don't use Gopher much (but do maintain a go-gopher[1] library for the Go programming language, a HTTP -> Gopher proxy[2] and Desktop client[3] 😅)
Question for the community:
What is the state of Gopher and TLS these days?
Kind regards
James
[2]: https://git.mills.io/prologic/gopherproxy (Public instance: https://gopher.mills.io)[3]: https://git.mills.io/prologic/gopherclient
-- James Mills / prologic
Join Yarn.social today! The only decentralised social media that respects your privacy and freedoms!
E: prologic@shortcircuit.net.au