[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of Gopher and TLS?

On Wed, Oct 26, 2022 at 09:01:32AM +0100, Nuno Silva wrote:
> On 2022-10-26 01:40 +0100, Steve wrote:
> >
> > On 25/10/2022 03:30, James Mills wrote:
> > >
> > > What is the state of Gopher and TLS these days?
> [...]
> > 
> > If you are publishing something to the PUBLIC what they heck do you need 
> > TLS for?
> > 
> > TLS is for VPN's... not for GOPHERS.  Certificates were created not to 
> > secure traffic but to reliably identify both ends of the transaction.  
> > While you think your traffic is secure it's the meta data that is really 
> > important.  It's not what's being said that is important, it's who's 
> > talking to who.
> [ I snipped the rest of the quoted message for brevity, I'm not trying
> to misrepresent its meaning, but just trying to avoid a too long quote ]
> There is value in having encryption available, shall one need it,
> there's also value in having clients that don't automatically engage
> into non-encrypted connections.
> But there is also value in having the plain, unencrypted gopher service.
> Segmentation of the gopher universe is a real possibility if some
> servers start employing big backwards-incompatible changes, especially
> without offering compatible, unencrypted gopher.
> So if somebody wants to support/offer encrypted browsing in gopherspace,
> IMHO that would ideally go in hand with the regular version of the
> protocol.
> Let's not get into a state like HTTPS where some sites are now
> unbrowsable with older browser software because of unsupported cyphers
> and the like (without HTTP or with HTTP just redirecting to
> HTTPS). That, I'd say, is a real problem with gopher: would it still be
> enjoyable for those of us browsing gopher for fun if we couldn't open an
> old client and browse the gopherspace with it?
> -- 
> Nuno Silva

I agree and its how its solved:

Kind regards,

Reply to: