💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › 1638263471.bystand@zzo38co… captured on 2023-04-26 at 14:08:47. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2022-03-01)
-=-=-=-=-=-=-
From: news@zzo38computer.org.invalid
Subject: Re: Textual Web
Date: Tue, 30 Nov 2021 01:34:08 -0800
Message-ID: <1638263471.bystand@zzo38computer.org>
Jason McBrayer <jmcbray@carcosa.net> wrote:
Some people want Gemini without TLS because they use (or want to keep
open the option of using) devices that are either too old to support TLS
(i.e., 8- or 16-bit micros ) or which are locked down and old enough
that they will never be updated to support TLS 1.2 and TLS 1.3
(i.e. many Android 4.4 or earlier devices). My personal recommendation
for these devices is just to use Gopher, but even without TLS, Gemini
does provide some useful features over Gopher (virtual hosts, MIME types
in responses), which explains why some people still want it.
These are some reasons why you might want Gemini without TLS, yes. Some
other possible reasons are for simple testing purposes, or for simplicity,
or to avoid incompatibility with mismatching TLS versions, or if you want
to provide both as an option (it is my opinion to have both TLS and non-TLS
services and the client can connect what they want to do), or to save
energy, or some other reasons. Any of the reasons you list are also valid
reasons, too.
My intention is that this "insecure-gemini" protocol is exactly like the
normal Gemini but without TLS and without 6x responses; everything else
is the same (so that an implementation can do both without needing to
write a separate implementation of each).
(If the requested file needs a client certificate to be accessed, then it
should redirect to the secure protocol, and then the response to the secure
request will be a 6x response.)
However, there is, I suppose, two question to figure out:
1. What will be the URI scheme? I proposed "insecure-gemini:"; it makes it
obvious that it is insecure and isn't really encouraged, but is a bit long.
I think I have seen "pollux:" as another suggestion, and "mercury:", but
I don't know what to do.
2. What port number to use? I think that using the same port number as the
TLS shouldn't be a problem since I think a TLS session must always begin
with a byte that is not valid at the beginning of a URL, so the protocol
will not be ambiguous since the client always sends first in Gemini.
(Maybe there is also another one that I forgot.)
Parent:
Re: Textual Web (by Jason McBrayer <jmcbray@carcosa.net> on Mon, 29 Nov 2021 12:16:27 -0500)
Start of thread:
Textual Web (by David Arch <david@tilde.institute> on Wed, 27 Oct 2021 20:32:16 -0000 (UTC))