Re: State of Gopher and TLS?

[Nuno Silva <nunojsilva@ist.utl.pt>]

On 2022-10-26 01:40 +0100, Steve wrote:
>
> On 25/10/2022 03:30, James Mills wrote:
> >
> > What is the state of Gopher and TLS these days?
[...]
> 
> If you are publishing something to the PUBLIC what they heck do you need 
> TLS for?
> 
> TLS is for VPN's... not for GOPHERS.  Certificates were created not to 
> secure traffic but to reliably identify both ends of the transaction.  
> While you think your traffic is secure it's the meta data that is really 
> important.  It's not what's being said that is important, it's who's 
> talking to who.

[ I snipped the rest of the quoted message for brevity, I'm not trying
to misrepresent its meaning, but just trying to avoid a too long quote ]

There is value in having encryption available, shall one need it,
there's also value in having clients that don't automatically engage
into non-encrypted connections.

But there is also value in having the plain, unencrypted gopher service.
Segmentation of the gopher universe is a real possibility if some
servers start employing big backwards-incompatible changes, especially
without offering compatible, unencrypted gopher.

So if somebody wants to support/offer encrypted browsing in gopherspace,
IMHO that would ideally go in hand with the regular version of the
protocol.

Let's not get into a state like HTTPS where some sites are now
unbrowsable with older browser software because of unsupported cyphers
and the like (without HTTP or with HTTP just redirecting to
HTTPS). That, I'd say, is a real problem with gopher: would it still be
enjoyable for those of us browsing gopher for fun if we couldn't open an
old client and browse the gopherspace with it?

-- 
Nuno Silva