💾 Archived View for bbs.geminispace.org › s › Gemini › 3744 captured on 2023-11-14 at 08:49:38. Gemini links have been rewritten to link to archived content


is there some tls implementation for small devices? there is a tcp stack in kon-tiki, and maybe other implementations. is it possible to use tls on some 8bit device with 64kb of memory? i am thinking of potential implementations on avr, 6502. i guess m68k may even run real openssl library?

#programming

Posted in: s/Gemini

🐙 norayr

Aug 01 · 3 months ago

11 Comments ↓

😎 Smokey · Aug 01 at 21:13:

if you consider pi zero and similar devices to be smol then there is the beppy device kelbot shared as well as pocketchip. I am looking for beppy when it has a case for PCB. my kobo ereader has a very basic web browser which works well with portal.mozz.us

🐙 norayr · Aug 02 at 16:17:

heh, something that can run linux (and my understanding that his device runs) is not small, since it can have openssl. i wonder how can we use gemini with smaller devices. let's say c64 can run gopher browser, and i guess i can write a spartan client (spartan doesn't use encryption, yes?) for such a machine. but gemini means tls encryption, and that is what i wonder.

📻 solderpunk · Aug 02 at 19:00:

BearSSL (https://bearssl.org/) is designed for embedded devices and claims that a minimal server can take the form of a 20 kb binary that uses 25 kb of RAM. I don't know if anybody has built a Gemini client on top of it yet. I'd love to know if somebody has. I think AVRs and 6502/Z80s are right out of the question, but m68k is not only possible, it has been done, there is a Gemini client for some late model Amigas. There have also been a few people doing Gemini stuff on ESP8266 devices. I am interested in collecting resources on using very limited and/or very old devices for Gemini, and sometime this year I'll ask for help in setting up an official page for it.

🍵 michaelnordmeyer · Aug 02 at 21:52:

@solderpunk BearSSL seems a little bit behind. While it might have gained TLSv1.3 support, it doesn't support Ed25519 certificates, which has tripped me up at the beginning of the year. Gmisub uses BearSSL and couldn't connect to my capsule serving this kind of certificate. I had to downgrade to ECDSA.

🚀 mbays · Aug 03 at 06:27:

gmni and gmnilm also use BearSSL (which also tripped me up in the same way it did michaelnordmeyer).

📻 solderpunk · Aug 03 at 16:40:

@michaelnordmeyer Gosh darn it, I didn't want to hear that. Also on my TODO list for this year is to set up a TLS1.3 only, ED25519 certificate version of the official capsule on port 19650 and encourage people to try it out with as wide a range of clients and operating systems as possible to gather some good data on how feasible it would be to start encouraging migration in that direction. I sort of hoped that maybe we'd finally be getting close...
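Added example, not part of the thread and not code from any project named in it: the Ed25519 versus ECDSA problem reported above comes down to the key algorithm in the capsule's certificate, which can be read directly from the DER encoding. The function names, the OID table and the unsigned skeleton certificates built inline are assumptions made for this illustration.

```python
KEY_OIDS = {  # DER-encoded OID contents -> name
    bytes.fromhex("2b6570"): "Ed25519",                # 1.3.101.112
    bytes.fromhex("2a8648ce3d0201"): "EC (ECDSA)",     # 1.2.840.10045.2.1
    bytes.fromhex("2a864886f70d010101"): "RSA",        # 1.2.840.113549.1.1.1
}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed element into (tag, value) pairs
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def key_algorithm(cert_der):
    """Name the algorithm in the certificate's subjectPublicKeyInfo."""
    _, cert, _ = read_tlv(cert_der, 0)
    tbs = children(children(cert)[0][1])
    if tbs and tbs[0][0] == 0xA0:      # optional explicit [0] version field
        tbs = tbs[1:]
    if len(tbs) < 6:
        raise ValueError("not a certificate")
    # Order: serial, signature alg, issuer, validity, subject, SPKI
    alg_id = children(tbs[5][1])[0][1]
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected an OID")
    return KEY_OIDS.get(oid, "unknown (" + oid.hex() + ")")

def tlv(tag, body=b""):                # encoder for the constructed samples only
    return bytes([tag, len(body)]) + body   # bodies here are all < 128 bytes

def sample_cert(key_oid):  # constructed, unsigned skeleton certificate
    alg = tlv(0x30, tlv(0x06, key_oid))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + bytes(32)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg
              + tlv(0x30) + tlv(0x30) + tlv(0x30) + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

For a real capsule certificate in PEM form, `ssl.PEM_cert_to_DER_cert()` from the Python standard library yields the DER bytes that `key_algorithm()` expects.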

😈 dimkr · Aug 04 at 07:12:

Probably not as small as you'd like. My capsule was slow when I hosted it on ESP32, and even slower on a Pi Pico W. It works, but the handshake is very slow with EC. (Both with mbedtls, which is still limited to TLS 1.2.)

😎 Smokey · Aug 04 at 15:36:

@dimkr would the spartan protocol be a better fit for those kinds of devices since it does not do TLS?

😈 dimkr · Aug 05 at 05:46:

@Smokey In some ways, Spartan is a good alternative for small devices with static content (so no need for "authenticated users"), as long as the users use a client that supports Spartan and not just Gemini.

📻 solderpunk · Aug 05 at 09:30:

@smokey @dimkr For devices where TLS is really not possible, there's also the option of running something like Cosmarmot on a Pi on the same network, it translates Gemini stuff to Gopher. See https://git.carcosa.net/jmcbray/cosmarmot/

😈 dimkr · Aug 05 at 13:20:

@solderpunk (Seeing myself mentioned in your reply made me blush) Proxying is definitely an option, but I prefer not to add a "computer" that acts as a "TLS accelerator" for the Pico W running my Gemini capsule, and Gopher is not really an alternative (because of the fixed width and other limitations). I want to like Spartan but I'd prefer an "exactly Gemini minus the TLS" protocol supported by all conformant Gemini clients, for the sake of code reuse.