The Gemini protocol - The WWW

z3bra
Grey Hair Nixers
@freem, dude you're overreacting a bit there. You seem to take it personally at this point 😂
I used to think just like you, specifically about the crypto part. However, I've been digging through crypto services a bit more recently, and I took a step back on that point.

(04-01-2021, 11:33 AM)freem Wrote: why should such a protocol specify a builtin crypto?

It doesn't specify "builtin" crypto, but rather, that TLS encryption must be used to communicate with the server, which is totally different. It means that a crypto-less server implementation is totally fine, as long as the TCP connection is encrypted. Just like you do with your darkhttp server.

The fact that they "enforce" it at the spec level is still a risky move IMO, because it doesn't take into account connections set in an already encrypted environment (IPSec, wireguard, yggdrasil, …), which render e2e crypto meaningless.
But it's good for the majority of the cases, and especially internet-wise.

(05-01-2021, 05:55 PM)freem Wrote: it's crap to not be able to reuse existing programs which only do that layer

Keep in mind also, that Gemini aims to define some features in the protocol that are greatly helped by the TLS requirement: Virtual hosting through SNI, and Certificate based authentication.
Those two features are a great addition to the protocol (I miss virtual hosting myself with gopher for example), and they decided to rely on existing mechanisms rather than bloating their protocol with headers and what-not like HTTP does.

This fits the "do one thing and do it well" mindset in a way: reuse TLS protocol SNI + Cert auth rather than implement their own. And the cool stuff about it, you can also offload that to an SSL-enabled proxy rather than implement it within your Gemini client 😉

As a conclusion, let me say that I agree with you that enforcing TLS transactions is a heavily opinionated decision; they managed to keep it separated enough from the actual protocol to make it easier to integrate with existing tools handling TLS, and not having to implement it at the server level.
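
The split discussed in the post above (a crypto-less Gemini server sitting behind a TLS-terminating proxy), as an added example that is not part of the thread or any poster's code. It assumes a TLS terminator in front forwards the decrypted stream to loopback; the hostnames, `SITES`, `handle_request` and port 1966 are hypothetical. Since the terminator consumes SNI, the backend picks the virtual host from the hostname in the request URL.

```python
import socketserver
from urllib.parse import urlsplit

MAX_URL = 1024  # Gemini caps the request URL at 1024 bytes, followed by CRLF

# Constructed sample content; the hostnames are placeholders.
SITES = {
    "example.org": {"/": "# example.org\n"},
    "blog.example.org": {"/": "# blog\n", "/about": "About page\n"},
}

def handle_request(raw: bytes) -> bytes:
    """Turn one raw request line into a complete Gemini response."""
    if not raw.endswith(b"\r\n") or len(raw) - 2 > MAX_URL:
        return b"59 Bad request\r\n"
    try:
        url = urlsplit(raw[:-2].decode("utf-8"))
        host = url.hostname
    except (UnicodeDecodeError, ValueError):
        return b"59 Bad request\r\n"
    if url.scheme != "gemini" or not host:
        return b"59 Bad request\r\n"
    site = SITES.get(host)
    if site is None:
        # Host we do not serve: refuse rather than act as an open proxy.
        return b"53 Proxy request refused\r\n"
    body = site.get(url.path or "/")  # dict lookup only, no filesystem access
    if body is None:
        return b"51 Not found\r\n"
    return b"20 text/gemini\r\n" + body.encode("utf-8")

class Handler(socketserver.StreamRequestHandler):
    timeout = 10  # drop clients that never send a full request line

    def handle(self):
        try:
            # URL + CRLF + 1 extra byte, so an oversized line is detectable.
            raw = self.rfile.readline(MAX_URL + 3)
        except OSError:
            return
        self.wfile.write(handle_request(raw))

if __name__ == "__main__":
    # Loopback only: this listener is plaintext and trusts the TLS terminator.
    with socketserver.TCPServer(("127.0.0.1", 1966), Handler) as srv:
        srv.serve_forever()
```

Because the terminator consumes SNI and any client certificate, this backend sees neither: it has to stay bound to loopback, and certificate-based authentication has to be enforced at the proxy.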

