**Kooda Loutre** @Kooda · 2017-12-26T11:19:00Z

Kooda Loutre @Kooda

I love #gopher and I have quite a few projects I want to make that are using it (some listed on gopher://upyum.com already) and some I’ve already started, like an rss2email-like software ( https://www.upyum.com/cgit.cgi/pheeds/ ) and a #git viewer ( https://www.upyum.com/cgit.cgi/gopher-git/ )…

But I’m always a tiny bit uncomfortable when browsing the gopher-space, given that nothing is encrypted…

Dec 26, 2017, 11:19 · Web · 0 · 3

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 11:23

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 11:23

@Kooda That's why you offer it as a tor hidden service!

**Kooda Loutre** @Kooda · Dec 26, 2017, 11:29

**Kooda Loutre** @Kooda · Dec 26, 2017, 11:29

The problem then becomes the linking to other servers… But the same kind of problem arises when you try to slap TLS on top of gopher…

**Marsxyz 🇧🇪** @marsxyz@social.targaryen.house · Dec 26, 2017, 11:34

**Marsxyz 🇧🇪** @marsxyz@social.targaryen.house · Dec 26, 2017, 11:34

@Kooda
There is no gopher over TLS alternative ?

**Kooda Loutre** @Kooda · Dec 26, 2017, 11:35

**Kooda Loutre** @Kooda · Dec 26, 2017, 11:35

@marsxyz if there is, I’m not aware of it, and most clients probably don’t support it.

**Charles Childers** @crc@mastodon.social · Dec 26, 2017, 15:54

**Charles Childers** @crc@mastodon.social · Dec 26, 2017, 15:54

@marsxyz @Kooda Not yet. I have a test server running under TLS (though no clients directly support this, as far as I have been able to tell), and as @ckeen notes, routing via tor is an option.

**Kooda Loutre** @Kooda · Dec 26, 2017, 15:56

**Kooda Loutre** @Kooda · Dec 26, 2017, 15:56

@crc @marsxyz @ckeen I think we need a way to make this discoverable. So that clients that support encryption can connect to the secure variant even if the link to the server was a regular one. And something similar to HSTS.

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:17

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:17

@Kooda @crc @marsxyz The point of hidden services is that it is *not* discoverable though.

There's no need to offer an insecure variant at all?

**Kooda Loutre** @Kooda · Dec 26, 2017, 18:18

**Kooda Loutre** @Kooda · Dec 26, 2017, 18:18

@ckeen @crc @marsxyz Sure, but you lose the point of gopher, which was inter-instance linking… You could just use FTP if you don’t need that.

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:19

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:19

@Kooda @crc @marsxyz Why do you loose that?

**Kooda Loutre** @Kooda · Dec 26, 2017, 18:19

**Kooda Loutre** @Kooda · Dec 26, 2017, 18:19

@ckeen @crc @marsxyz Because most of the gopher-space is not on Tor? :Þ

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:20

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:20

@Kooda @crc @marsxyz
Nothing prevents you to link to non tor selectors and vice versa...

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:35

**❦ Billy Blaze ❦** @ckeen@mastodon.social · Dec 26, 2017, 18:35

@Kooda @crc @marsxyz

That's the same argument not to use https because you might link to other websites using https...

**Charles Childers** @crc@mastodon.social · Dec 26, 2017, 18:39

**Charles Childers** @crc@mastodon.social · Dec 26, 2017, 18:39

@ckeen @marsxyz @Kooda I need to spend some time looking into tor next year. #2018projects