[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of Gopher and TLS?

Hi all,

RANT follows: And it's Just my opinion, but if your offended stop reading now.

If you are publishing something to the PUBLIC what they heck do you need TLS for?

TLS is for VPN's... not for GOPHERS.  Certificates were created not to secure traffic but to reliably identify both ends of the transaction.  While you think your traffic is secure it's the meta data that is really important.  It's not what's being said that is important, it's who's talking to who.

If you want to share files and info privately and securely then set up a private encrypted network.
But quite frankly, since SSL was cracked decades ago I'm not sure why all this even matters

And just so we don't get in a religious discussion about AES256....

Here's what happens every day with SSL.
Put a blind transparent proxy in the middle.  Put up a fake SSL certificate, Or copy a real one. 
Make the certificate provider validate your fake cert.  If that doesn't get you started down the path
to what is happening daily then you should just go back to sleep and trust that your banking transactions are secure...

Banks are secured by Insurance not by software.  Industry standard is to keep law suits at bay not to protect you.
The appearance of protection is a marketing gimmick nothing more.  And real hacking is usually an inside job. 
What is the biggest challenge? Is it actually stealing something? No it's covering your tracks.
Getting in is EASY... getting out clean is where the real game is played.... 

AND finally, (I know this is very old and there have been "patches and revisions")
http://pauillac.inria.fr/~doligez/ssl/ (but hackers are better than 1995 too...Just sayin)

If you want something private don't publish it on the internet. 

Let gophers be gophers and https be https.  Don't fix something that ain't broke.
That's my opinion nothing more nothing less and it's just an opinion.


On 25/10/2022 03:30, James Mills wrote:
Hey guys and gals,

Long time since I posted to this mailing list. Obviously I don't use Gopher much (but do maintain a go-gopher[1] library for the Go programming language, a HTTP -> Gopher proxy[2] and Desktop client[3] 😅)

Question for the community:

What is the state of Gopher and TLS these days?

Kind regards


[1]: https://pkg.go.dev/git.mills.io/prologic/go-gopher
[2]: https://git.mills.io/prologic/gopherproxy (Public instance: https://gopher.mills.io)
[3]: https://git.mills.io/prologic/gopherclient

-- James Mills / prologic

Join Yarn.social today! The only decentralised social media that respects your privacy and freedoms!

E:    prologic@shortcircuit.net.au

Reply to: