Tuesday, September 28, 2021
You could add crypto to gopher, but I think it's a hack
I received the following email today:
From: Trevor Clarke <XXXXXXXXXXXXXXXXXX>
To: sean@conman.org
Subject: Secure gopher comment
Date: Tue, 28 Sep 2021 16:21:10 -0400
I just read your post http://boston.conman.org/2019/03/31.1 about the difficulty of adding TLS to gopher. I don't think it's as bleak as you suggest. A client supporting secure gopher simply sends a TLS client hello packet when first connecting to the server. If it receives nothing or receives something that is not a valid server hello it drops the connection and switches to regular gopher for that server. To minimize the number of failed attempts the client can cache the type of server during a session or persist the status for a period of time before trying again.
As I wrote back, this is already being done by clients as can be seen from my gopher logs:
Sep 28 09:10:44 daemon info 71.19.142.20 gopher remote=XXXXXX.1.36 status=false request="223120101…" bytes=82
Sep 28 09:10:44 daemon info 71.19.142.20 gopher remote=XXXXXX.1.36 status=true request="Gopher:Src:port70/handlers/" bytes=505
Sep 28 16:44:41 daemon info 71.19.142.20 gopher remote=XXXXXX.1.36 status=false request="223120101…" bytes=82
Sep 28 16:44:41 daemon info 71.19.142.20 gopher remote=XXXXXX.1.36 status=true request="Phlog:2004" bytes=533
Sep 28 18:04:43 daemon info 71.19.142.20 gopher remote=XXXXXX.1.36 status=false request="223120101…" bytes=82
Sep 28 18:04:43 daemon info 71.19.142.20 gopher remote=XXXXXX.1.36 status=true request="Bible:" bytes=10647
There's also a trick that servers can do to “seamlessly” support TLS—peek at the initial packet for the start of a TLS connection, and if it doesn't match, then fall back to the normal TCP routine. There's also the possibility of a downgrade attack to prevent the client from successfully using TLS.
I'm not a fan of either of these approaches. On the client side, it makes (potentially annoying) extra requests that, for the most part, will be a waste of time, as not many gopher servers (to my knowledge) support TLS. And on the server side, it's a hack to peek at the initial packet of data (it can be done on some systems, but I don't know if all TCP stacks support peeking at the data before reading it).
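To make the server-side trick concrete, here is an added example (my own illustration, not code from port70 or from this post) of what “peek at the initial packet” amounts to in practice. It uses the POSIX MSG_PEEK flag so the first bytes are inspected without being consumed, then classifies them: a TLS ClientHello arrives as a record whose header starts with 0x16 (handshake) followed by the 0x03 version major byte, whereas a gopher request is a selector string ending in CR LF, which never starts with 0x16. The socket pair, the sample selector and the TLS record-header fragment are all constructed here for the demonstration.

```python
import socket
from typing import Tuple

# TLS record layer constants: content type 0x16 is "handshake", and every
# TLS/SSLv3 record version starts with the major byte 0x03 (0x0300..0x0304).
TLS_HANDSHAKE = 0x16
TLS_VERSION_MAJOR = 0x03


def classify_first_bytes(data: bytes) -> str:
    """Decide what the first bytes of a fresh connection look like.

    Returns "tls" for a plausible TLS ClientHello record header, "gopher"
    for anything else (a selector line such as b"Phlog:2004\\r\\n"), and
    "undecided" when fewer than three bytes have arrived yet.
    """
    if len(data) < 3:
        return "undecided"
    if (data[0] == TLS_HANDSHAKE
            and data[1] == TLS_VERSION_MAJOR
            and data[2] <= 0x04):
        return "tls"
    return "gopher"


def peek_and_classify(conn: socket.socket, nbytes: int = 3) -> str:
    """Look at the first bytes WITHOUT consuming them.

    MSG_PEEK leaves the data in the kernel buffer, so whichever handler takes
    over next (a TLS wrapper or the plain gopher reader) still sees the
    stream from byte 0.  Note that the decision is driven entirely by what
    arrives first: if the ClientHello never reaches the server, the plain
    gopher path is taken, which is the downgrade scenario the post mentions.
    """
    head = conn.recv(nbytes, socket.MSG_PEEK)
    return classify_first_bytes(head)


def _recv_exact(conn: socket.socket, n: int) -> bytes:
    """Read exactly n bytes (loopback sockets may still split a read)."""
    buf = b""
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf


def demo(first_bytes: bytes) -> Tuple[str, bytes]:
    """Simulate a client opening a connection and sending `first_bytes`.

    The "server" end peeks and classifies, then performs a normal read to
    show that the peeked bytes are still there for the real handler.
    """
    client, server = socket.socketpair()  # constructed loopback pair
    try:
        client.sendall(first_bytes)
        kind = peek_and_classify(server)
        remaining = _recv_exact(server, len(first_bytes))
    finally:
        client.close()
        server.close()
    return kind, remaining


if __name__ == "__main__":
    # Constructed sample inputs: a plain gopher selector, and the first bytes
    # of a TLS record header (handshake, version 3.1, length 0x00c4) followed
    # by the ClientHello handshake type byte 0x01.
    gopher_request = b"Phlog:2004\r\n"
    tls_hello_start = bytes([0x16, 0x03, 0x01, 0x00, 0xC4, 0x01])
    for sample in (gopher_request, tls_hello_start):
        kind, data = demo(sample)
        print(kind, data)
```

The classifier only ever sees bytes the client chose to send first, so it cannot tell a client that never speaks TLS from one whose ClientHello was dropped on the path; the post's client-side remedy (remembering that a given server answered TLS before) is what keeps a single failed attempt from silently becoming a permanent plaintext session. Whether MSG_PEEK is available on a given TCP stack is a separate question, which is the portability concern raised above.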
I also mentioned that one of the major complaints about the Gemini protocol, somewhat of a reimagining of gopher but with mandatory TLS, is its use of TLS. Go figure—there are people who want to add TLS to gopher, and people who want to remove TLS from Gemini.