💾 Archived View for rawtext.club › ~sloum › geminilist › 007492.gmi captured on 2021-11-30 at 19:37:34. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
Sean Conner sean at conman.org
Mon Nov 1 22:55:27 GMT 2021
- - - - - - - - - - - - - - - - - - -
It was thus said that the Great Charles Iliya Krempeaux once stated:
A number of things to reply to. I wasn't sure whether to reply to
everything in one giant e-mail, or to reply in separate e-mails (that could
turn into their own separate threads). I think I'll create a small number
of separate replies to make it easier for others to follow.
Regarding:
gopher://
zaibatsu.circumlunar.space/0/~solderpunk/phlog/why-gopher-needs-crypto.txt
I think the main topics of this is:
â„–1: being able to detect (or prevent) content modification, and
â„–2: being able to protect one's privacy and make spying very difficult (if
not impossible).
(Please correct me if I missed anything.)
Let's get technical about this —
I haven't read the Gopher spec in a long time, so don't recall whether
there is something technical that would prevent it, but —
Yes there is: <http://boston.conman.org/2019/03/31.1> Basically, it's hardto retrofit TLS into gopher without breaking existing clients. You couldpossibly force it, <http://boston.conman.org/2021/09/28.1>, but there aresecurity concerns about forced downgrades.
One could try to use content-addressing to try to detect content
modification.
For example, there could be a convention created (and Gopher clients
modified) such that the path in the gopher URL would contain a digest (from
a cryptographic hash function) of the content. For example:
gopher://
example.com/content/base64/sha3-512/ld7McvClCuTZ1TeOGyJSWHz8cZd+QyksjxuEZIJIUJ8bwYvG8LDQuGBqZD7/YdYRroTm+9SiaDFlcGvW/UizNA==
Notice that there are three main parts to this:
• base64
• sha3-512
•
ld7McvClCuTZ1TeOGyJSWHz8cZd+QyksjxuEZIJIUJ8bwYvG8LDQuGBqZD7/YdYRroTm+9SiaDFlcGvW/UizNA==
The gibberish is base64 encoding of the digest of a sha3-512 hash function.
(One could use base64url if they didn't want the gibberish to have the "/"
symbol.)
Someone would need to modify Gopher clients to recognize that type of
gopher URL, and then, once the data is downloaded, verify that its digest
matches the digest in the URL.
There's an awful large number of gopher clients that would need updating,and probably won't. Also, this topic might be better discussed on thegohper mailing list: <https://lists.debian.org/gopher-project/>.
And encryption (such as TLS, mentioned in the document) could help prevent
the spying to help protect privacy
(Although there are other options than just TLS.)
And as I've stated before, present both a server and client as aproof-of-concept, then it can be discussed. Until then, it's a no go (atleast, that would be my stance but I stepped down from Gemini development).
-spc