💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › 1638263471.bystand@zzo38co… captured on 2024-07-08 at 23:28:00. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2022-03-01)

-=-=-=-=-=-=-

Re: Textual Web

Message headers

From: news@zzo38computer.org.invalid

Subject: Re: Textual Web

Date: Tue, 30 Nov 2021 01:34:08 -0800

Message-ID: <1638263471.bystand@zzo38computer.org>

Message content

Jason McBrayer <jmcbray@carcosa.net> wrote:

Some people want Gemini without TLS because they use (or want to keep
open the option of using) devices that are either too old to support TLS
(i.e., 8- or 16-bit micros ) or which are locked down and old enough
that they will never be updated to support TLS 1.2 and TLS 1.3
(i.e. many Android 4.4 or earlier devices). My personal recommendation
for these devices is just to use Gopher, but even without TLS, Gemini
does provide some useful features over Gopher (virtual hosts, MIME types
in responses), which explains why some people still want it.

These are some reasons why you might want Gemini without TLS, yes. Some

other possible reasons are for simple testing purposes, or for simplicity,

or to avoid incompatibility with mismatching TLS versions, or if you want

to provide both as an option (it is my opinion to have both TLS and non-TLS

services and the client can connect what they want to do), or to save

energy, or some other reasons. Any of the reasons you list are also valid

reasons, too.

My intention is that this "insecure-gemini" protocol is exactly like the

normal Gemini but without TLS and without 6x responses; everything else

is the same (so that an implementation can do both without needing to

write a separate implementation of each).

(If the requested file needs a client certificate to be accessed, then it

should redirect to the secure protocol, and then the response to the secure

request will be a 6x response.)

However, there is, I suppose, two question to figure out:

1. What will be the URI scheme? I proposed "insecure-gemini:"; it makes it

obvious that it is insecure and isn't really encouraged, but is a bit long.

I think I have seen "pollux:" as another suggestion, and "mercury:", but

I don't know what to do.

2. What port number to use? I think that using the same port number as the

TLS shouldn't be a problem since I think a TLS session must always begin

with a byte that is not valid at the beginning of a URL, so the protocol

will not be ambiguous since the client always sends first in Gemini.

(Maybe there is also another one that I forgot.)

Related

Parent:

Re: Textual Web (by Jason McBrayer <jmcbray@carcosa.net> on Mon, 29 Nov 2021 12:16:27 -0500)

Start of thread:

Textual Web (by David Arch <david@tilde.institute> on Wed, 27 Oct 2021 20:32:16 -0000 (UTC))