[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: State of Gopher and TLS?

does it stop zellous pc fanboys switching off all non secure access so that 1/3 of the gopher constellation is locked out because they default to tsl and claim everyone should upgrade, lord fonteroy-style?

From: Hiltjo Posthuma <hiltjo@codemadness.org>
Sent: Wednesday, 26 October 2022 6:04 PM
To: Nuno Silva <nunojsilva@ist.utl.pt>
Cc: gopher-project@other.debian.org <gopher-project@other.debian.org>
Subject: Re: State of Gopher and TLS?
On Wed, Oct 26, 2022 at 09:01:32AM +0100, Nuno Silva wrote:
> On 2022-10-26 01:40 +0100, Steve wrote:
> >
> > On 25/10/2022 03:30, James Mills wrote:
> > >
> > > What is the state of Gopher and TLS these days?
> [...]
> >
> > If you are publishing something to the PUBLIC what they heck do you need
> > TLS for?
> >
> > TLS is for VPN's... not for GOPHERS.  Certificates were created not to
> > secure traffic but to reliably identify both ends of the transaction. 
> > While you think your traffic is secure it's the meta data that is really
> > important.  It's not what's being said that is important, it's who's
> > talking to who.
> [ I snipped the rest of the quoted message for brevity, I'm not trying
> to misrepresent its meaning, but just trying to avoid a too long quote ]
> There is value in having encryption available, shall one need it,
> there's also value in having clients that don't automatically engage
> into non-encrypted connections.
> But there is also value in having the plain, unencrypted gopher service.
> Segmentation of the gopher universe is a real possibility if some
> servers start employing big backwards-incompatible changes, especially
> without offering compatible, unencrypted gopher.
> So if somebody wants to support/offer encrypted browsing in gopherspace,
> IMHO that would ideally go in hand with the regular version of the
> protocol.
> Let's not get into a state like HTTPS where some sites are now
> unbrowsable with older browser software because of unsupported cyphers
> and the like (without HTTP or with HTTP just redirecting to
> HTTPS). That, I'd say, is a real problem with gopher: would it still be
> enjoyable for those of us browsing gopher for fun if we couldn't open an
> old client and browse the gopherspace with it?
> --
> Nuno Silva

I agree and its how its solved:

Kind regards,

Reply to: