An outside perspective on the Gemini spec is the hot topic this week.
The discussion is around a blog post by Daniel Stenberg:
The Gemini Protocol Seen By This HTTP Client Person
Which has led to various responses across Geminispace, for example:
So of course I need to add my two cents. Cue heading...
I want to start by saying “thank you” to Daniel. Careful input from an independent expert is hard to come by and very high value. Thank you!
I think a lot of the response from Gemini advocates can be summarized as “working as intended”, which is fine; it’s still useful to have the surprising nature of the spec highlighted. Gemini is limited by design.
The points on the vague parts of the spec are well made and well taken.
I’m not sure if I count as part of “the community” yet, but, hey, I have a capsule, I have an opinion! So here goes. I think that as a community we need to accept that the state of the spec is a weakness; the fact that there is no clear path to iterating on it to improve accuracy and clarity is not ideal.
Having said that, it’s not a big weakness. An unmaintained spec supporting an inactive community would be more than a weakness, it would be a tombstone. What we see instead is an unmaintained spec supporting an active community; there is value here. And the spec as it is today is attractive to people who are a fit for what Gemini provides, so it’s sufficient for purpose.
For me the point of Daniel’s that looks strongest is about UTF-8 in URLs; clarifying would improve the spec, if there is ever an opportunity to update it.
The same goes for clarifying handling of port numbers.
On TOFU, I think the Gemini spec could more clearly state the goals and intended user experience. TOFU is not as secure as using a certificate authority, so why use TLS at all? The weaker promise provided is that you’re talking to the same server you were talking to yesterday. The CA verifies identity; TOFU verifies pseudonymous identity. I’m still not 100% convinced it’s the right tradeoff, but it seems like a reasonable choice. I have some thoughts on the right client UI which I’ll likely share in another post.
There was also some discussion on Hacker News, which I won’t bother to link to. I didn’t read anything particularly alarming or hostile—it’s worth remembering that from an outside perspective, Gemini is a very surprising thing. Some of the Gemini community posted detailed responses with useful information, which is great.
I think that any discussion that might cause interested people to read the spec is a good thing. It was reading the spec—or rather, the FAQ—that got me interested.
Here’s to the next thousand capsules; I look forward to reading them.
So far today, 2024-11-25, feedback has been received 2 times. Of these, 0 were likely from bots, and 2 might have been from real people. Thank you, maybe-real people!
——— / \ i a | C a \ D n | irc \ / ———