Re: State of Gopher and TLS?
It was thus said that the Great Mateusz Viste once stated:
> On 25/10/2022 14:44, Josuah Demangeon wrote:
> >I think it was added because the trick to allow TLS on same port (peek at
> >the first byte before really reading it) was simple and easy to implement
> >server-side and has no consequence client-side (not breaking TCP-only).
> Could also crash a fragile - yet conforming - server implementation that
> is not expecting to receive binary garbage from a client, or at least
> pollute the server's logs with weird, possibly unreadable entries.
You don't need TLS for that. The modern Internet is a very unforgiving
place. Over the past month, my gopher server has received 12
requests that fit your criteria, and they aren't all TLS (only 4). From my
logs (sans TLS requests):
\0\0\0XXSMBr\0\0\0\0\8\1@\0\0\0\0\0\0\0\0\0\0\0\0\0\0@\6\0\0\1\0\0X\0\2PC NETWORK PROGRAM 1.0\0\2MICROSOFT NETWORKS 1.03\0\2MICROSOFT NETWORKS 3.0\0\2LANMAN1.0\0\2LM1.2X002\0\2Samba\0\2NT LANMAN
If anything, the TLS attempts have gone down over the past year. The only
time I ever found it seriously annoying was one gopher bot (similar to a
web bot) making a TLS request for every request instead of caching the
> >And gopher with TLS still needs some strategy for trusting certificates.
> >Maybe trust on first use is good? A bit like SSH?
That's a major criticism of Gemini (besides the other one, which is to
remove TLS completely, which I find funny because TLS was the sole
reason it came about---as a gopher like protocol over TLS).
> Use some other tunneling instead of TLS, then. But in any case, do not
> call the resulting thing "Gopher", and do not hijack a TCP port that
> has been in use for 30 years...
Agree, and it's known as Gemini.
 Using my own gopher server software:
 There are two camps here---the first one that thinks TLS is not
necessary at all, too complex and therefore, should be removed; and
the second camp, which finds TLS too complex and therefore, it
should be replaced with a bespoke encryption scheme they saw
somewhere that is "simple" but yet no implementations exist.
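
The first-byte peek discussed in this thread, together with escaping of non-gopher requests before they reach the log, as an added example (not part of the original message and not the code of any gopher server mentioned here). The function names and the sample requests are constructed for illustration.

```python
import socket

def classify(head: bytes) -> str:
    """Guess what a client sent from the first bytes of its request."""
    if not head:
        return "empty"
    # TLS record header: type 0x16 (handshake), then version major 0x03.
    if head[0] == 0x16 and len(head) >= 2 and head[1] == 0x03:
        return "tls"
    # SMB1 negotiate: 4-byte NetBIOS session header, then 0xFF "SMB".
    if head[4:8] == b"\xffSMB":
        return "smb"
    # A gopher selector line is text; control bytes other than TAB/CR/LF are not.
    if any(b < 0x20 and b not in (0x09, 0x0D, 0x0A) for b in head):
        return "binary"
    return "gopher"

def log_safe(data: bytes, limit: int = 64) -> str:
    """Render a request for the log as printable ASCII with \\xNN escapes."""
    out = "".join(chr(b) if 0x20 <= b < 0x7F and b != 0x5C else f"\\x{b:02x}"
                  for b in data[:limit])
    return out + ("..." if len(data) > limit else "")

def peek_and_classify(conn: socket.socket, n: int = 8) -> str:
    """Peek (MSG_PEEK) so the bytes stay queued for whichever handler runs next."""
    return classify(conn.recv(n, socket.MSG_PEEK))

def demo() -> list:
    # Constructed sample requests, not taken from any real log.
    samples = [
        b"/phlog/index\r\n",
        b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",
        b"\x00\x00\x00\x54\xffSMBr\x00\x00\x00\x00",
        b"\x03\x00\x00\x13\x0e\xe0\x00\x00",
    ]
    results = []
    for req in samples:
        client, server = socket.socketpair()
        client.sendall(req)
        kind = peek_and_classify(server)
        assert server.recv(len(req)) == req
        results.append((kind, log_safe(req)))
        client.close()
        server.close()
    return results

if __name__ == "__main__":
    for kind, line in demo():
        print(f"{kind:7} {line}")
```

Escaping the backslash itself keeps each log entry unambiguous, so a request containing the literal text "\x00" cannot be mistaken for a NUL byte.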