Re: State of Gopher and TLS?
On Wed, Oct 26, 2022 at 09:01:32AM +0100, Nuno Silva wrote:
> On 2022-10-26 01:40 +0100, Steve wrote:
> >
> > On 25/10/2022 03:30, James Mills wrote:
> > >
> > > What is the state of Gopher and TLS these days?
> [...]
> >
> > If you are publishing something to the PUBLIC what they heck do you need
> > TLS for?
> >
> > TLS is for VPN's... not for GOPHERS. Certificates were created not to
> > secure traffic but to reliably identify both ends of the transaction.
> > While you think your traffic is secure it's the meta data that is really
> > important. It's not what's being said that is important, it's who's
> > talking to who.
>
> [ I snipped the rest of the quoted message for brevity, I'm not trying
> to misrepresent its meaning, but just trying to avoid a too long quote ]
>
> There is value in having encryption available, shall one need it,
> there's also value in having clients that don't automatically engage
> into non-encrypted connections.
>
> But there is also value in having the plain, unencrypted gopher service.
> Segmentation of the gopher universe is a real possibility if some
> servers start employing big backwards-incompatible changes, especially
> without offering compatible, unencrypted gopher.
>
> So if somebody wants to support/offer encrypted browsing in gopherspace,
> IMHO that would ideally go in hand with the regular version of the
> protocol.
>
> Let's not get into a state like HTTPS where some sites are now
> unbrowsable with older browser software because of unsupported cyphers
> and the like (without HTTP or with HTTP just redirecting to
> HTTPS). That, I'd say, is a real problem with gopher: would it still be
> enjoyable for those of us browsing gopher for fun if we couldn't open an
> old client and browse the gopherspace with it?
>
> --
> Nuno Silva
>
I agree and its how its solved:
gopher://bitreich.org/0/usr/20h/phlog/2020-06-07T18-28-23-863932.md
--
Kind regards,
Hiltjo
Reply to: