The TLS dilemma... I have recently stepped into a lot of server author logs dissatisfied with SSL/TLS on Gemini, looking for other alternatives; one above the others is the NOISE framework/protocol.
I do not understand anything about cryptography and, as long as it works and it is safe, I do not really care about the underlying technology in use.
My question is: if TLS didn't work out in the field for many, can we consider changing it for the good?
What are your thoughts in this regard?
2 years ago · fc
@krixano thanks... I refrained from asking questions that were maybe asked a thousand times back in the early days... · 2 years ago
Yeah, some parts of the early complaints about TLS were that old computers and pubnixes that use old operating systems (like TOPS-20/TWENEX, Multics, etc.) would not be able to use TLS, especially the newer versions of TLS.
The other thing that was pointed out was the possibility of something in the future that would replace TLS. And there were also concerns about the TLS handshake taking a lot of time or bandwidth, too, as well as whether TLS was really needed if we were just sending public information over. However, the addition of client certificates changes things by allowing for actually-private data transfer on Gemini, and hence would need TLS. · 2 years ago
@lykso & @darnl I would not give up on encrypted communication between client & server; even though we are not doing anything bad or illegal, or doing banking online, I do not see why we should give away for free what we are doing in the Gemini space, letting anyone sniff what we are doing. · 2 years ago
@lykso there was the first wave of people complaining about the crypto/TLS, who don't see the benefits of having an encrypted connection against the hassle of implementing it.
The second wave wants to preserve this feature but using a different approach, even though they are more prone to dismiss it while it is still TLS.... 🤷‍♂️ · 2 years ago
i would have loved wireguard style noise being used for gemini. pubkey of server could be stored in dns. not perfect (unless dnssec) but probably good enough. client identity done via client key. crypto can be implemented in 4k lines. really don't get the need for tls. · 2 years ago
Assuming we've read the same posts, I believe the Spartan protocol was the answer to those concerns. Unless you've read some complaints I'm unfamiliar with, I think the issue some people had with Gemini's use of TLS was not so much the type of cryptography used but rather that cryptography was used at all. · 2 years ago