💾 Archived View for tilde.pink › ~slondr › beyond-spartan.gmi captured on 2023-07-22 at 16:46:07. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
I have working Gemini and Spartan server implementations under my belt now[1], and having spent some time seeking out Spartan-hosted content via clients that make it easy to traverse both geminispace and sparta it's a pretty good experience.
The only things I think I can feel missing in sparta which gemini makes a non-issue are user sessions of some sort, allowing specific interactivity, and protocol-level resiliance to bad actors on the network. In Gemini, both of these tasks are accomplished via TLS.
I dislike TLS for the usual reasons, and have been brainstorming for awhile about how feasible it is to bridge the gap (of sorts) between the real utility of Gemini and Spartan's ease of implementation. For some time I was focusing on the Noise protocol framework, specifically NoiseSocket. The Gemini FAQ has an entry about why TLS was chosen over an NPF implementation, but none of the rationale in that FAQ entry really hold up anymore[2], and NPF seems way more in line with Gemini's needs for transport security—namely, a secure tunnel backed by a DH public key system with minimal external dependencies.
solderpunk's official Gemini FAQ
NoiseSocket, an small NPF protocol which standardizes a generic transport layer
More recently, I'm starting to think that even Noise may be too large-scale to fit the spirit of Gemini. Sure, relying on libsodium for crypto and an RFC everyone can read and implement in a week is great, but there's still a lot left even in NoiseSocket that is irrelevant to geminispace and sparta.
spartan-over-SSH.
Think about it! SSH is probably the most ubiquitous secure transport layer protocol that exists in terms of the number of unique client configurations it runs on (SSL definitely wins in nominal user agents, but really old computers get euthanized by progressive TLS standards, so there are a gigantic number of machines and even entire operating systems that have perfectly functional SSH clients and no viable way to get a working TLS client). SSH checks all the required boxes regarding security-on-the-wire, the ability to anonymously yet uniquely identify visitors, and configuring a server-side SSH application is about as easy as setting up a Gemini wire protocol server which sits behind a TLS proxy.
Also, TOFU is baked into the SSH environment; the Gemini FAQ explicitly lists SSH's model as what the Gemini ecosystem's usage of TLS wanted to emulate. Why emulate when you can implement?
There's a lot of precedent for building SSH-backed server applications when you want unique identities and secure transport but don't care about building a web of trust for authentication (ie, PGP over unreliable protocols) or a chain of trust for building a capital-o Official repertoire (ie, HTTPS using TLS). Git does this and it took over the universe while doing so. There's plenty of homebrew MUDs and similar video games out there, even chat applications and that one VPN service.
The SSH protocol itself is governed by four RFCs:
RFC 4251 - The Secure Shell (SSH) Protocol Architecture
RFC 4253 - The Secure Shell (SSH) Transport Layer Protocol
RFC 4252 - The Secure Shell (SSH) Authentication Protocol
RFC 4254 - The Secure Shell (SSH) Connection Protocol
I haven't yet attempted to build a server program which talks SSH while also sitting on its own socket, but it's definitely possible within the bounds of the protocol itself.
I'm really, really curious what the community's thoughts on this are. If there's no ticking time bomb I haven't realized yet, I might take a weekend at some point and try to build a bridge between sshd and my spartan server. You get a client for free via piping a request into an ssh command-line invocation, but a "pretty" wrapper for that operation is definitely not difficult to put together.
If it actually works well, maybe a proof of concept Gemini-over-SSH would be in the works too...
I check Antenna regularly so please write up your thoughts and share them :D
[1] although, the fact that I am clearly not dogfooding my gemini or spartan servers might tell you something about how confident I am in them :)
[2] some, including myself, would argue that gemini's rationale for selecting TLS over Noise did not even hold up in 2019, although the fact that there are several rock-hard clients and servers at this point probably make such an argument pointless.