💾 Archived View for gemini.bunburya.eu › newsgroups › gemini › messages › tjpafp$1g68k$1@news.mixmin… captured on 2024-08-24 at 23:56:57. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
From: Text Master <text@mast.er>
Subject: Gemini Cryptography Protocol Proposal
Date: Mon, 31 Oct 2022 15:17:35 -0500
Message-ID: <tjpafp$1g68k$1@news.mixmin.net>
I see mandatory TLS or any mandatory crypto scheme as a grey goo problem
that creates limitations and unnecessary complexity and overhead that
will grow like grey goo over time.
Communication protocols should be crypto and cipher-agnostic. The
end-user client and server should decide how to proceed with crypto.
Putting all eggs in one crypto basket is ill-advised.
There are many potential use cases for different crypto schemes or no
crypto at all. Being bound to one crypto scheme hampers and complicates
a lot of potential and imaginative use cases.
I suggest that going forward the protocol definition have a header
instruction that allows negotiation of different crypto schemes, or no
scheme at all.
It is also possible to have schemes that serve digitally signed plain
text over a clear text connection, without an encrypted channel. Such
would be perfectly suited for a public-facing site that is serving only
public text. This provides authenticity without the TLS overhead, and
allows any custom arrangement of ciphering, key exchange, certificate
authority and authentication that servers and clients would desire.
We don't need yet another mandatory cryptosystem in between every
communication in every context.
I propose for your consideration:
Adjust the Gemini protocol with a clear standard requirement that the
protocol itself be cryptography neutral or 'crypto agnostic'.
Adjust the Gemini protocol with a clear standard that the protocol
itself is concerned only with the format and stream between endpoints.
Adjust the Gemini protocol with a clear standard requirement that
decisions regarding encryption, authentication and connection security
be left up to the designers of clients and servers and the endpoint users.
Adjust the Gemini protocol with a clear standard header instruction for
the negotiation, selection, and establishment of cryptographic
primitives, signatures, authentication, or lack thereof.
--
Text Master
YE4RVOOQ46VI47W2TIMT56QEHGIQQM4DNEIRQXU6FXPZX5IV6NTA
Children: