
[spec] Certificate trust

Petite Abeille petite.abeille at gmail.com

Mon Mar 1 11:08:38 GMT 2021

- - - - - - - - - - - - - - - - - - - 
On Mar 1, 2021, at 11:44, Côme Chilliet <come at chilliet.eu> wrote:
> Who is right?

No one. Everyone. It depends.

It's self-inflicted as well, as Gemini insists on mandating TLS — without having thought through how to actually use it, nor if it's even relevant to the protocol usage.

It's also dogmatic: not every context requires TLS.

It could as well be redundant: different contexts may already provide their own security layer(s).

It may also introduce built-in obsolescence: a few years ago, Gemini would have mandated SSL. What now?

There is an easy way out of this conundrum: move the mechanical details of how to connect to a Gemini service out of the specification.

Provide instead connection profiles, such as Protocol Labs' multiaddr or similar:

https://multiformats.io/multiaddr/

That way, the gory details on how to connect to a Gemini service (THE HOW) are separated from the Gemini specification itself (THE WHAT).

±0¢