💾 Archived View for gemini.hitchhiker-linux.org › gemlog › some_thoughts_on_spartan.gmi captured on 2024-06-16 at 12:28:26. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-06-14)
-=-=-=-=-=-=-
Spartan is seeing a fair bit of adoption it would seem, including some software that I author and now my own Gemini capsule being mirrored on Spartan as of last night. It is an interesting protocol and very easy to work with, and handily solves certain issues that one might have with Gemini in a clever way. That said, I have mixed feelings about Spartan, especially when taken together with Gemini.
On the one hand, the simplification that goes hand in hand with ditching tls makes the protocol even simpler than one might expect, and the prompt line idea is a nice way to skip a round trip to the server. I also rather like the fact that cross site redirects are not allowed, and rather wish that Gemini had gone this way to begin with.
On the other hand, we have an upload capable protocol that sends everything in clear text. Unlike Gemini, which can use client certificates for authentication and session keeping, in Spartan probably the only way to keep a user session authenticated and alive would be by injecting a token into the url query, which is always going to be sent in plain text and therefore completely insecure.
So we have Gemini, which has an authentication and session tracking mechanism available, but limits uploads to a single line of text. And we have Spartan, which will let you upload however much data you choose, and also lets you tell the server how much to expect right in the header, but which you definitely wouldn't want to use for anything sensitive. It's easy to fantasize about Spartan with tls at this point.
But, I keep reminding myself, Gemini is purposely unattractive to traditional web developers and corporations. And that's a large part of it's charm. So maybe it's better this way after all. Either way, I think there's a good smattering of ideas in this space already, and I'll just stick to implementing the standards that others have thought up rather than devising another of my own to clutter the space more.
All content for this site is licensed as CC BY-SA.
© 2022 by JeanG3nie