Hi,

On 28/02/18 02:05, Cameron Kaiser wrote:
> Although I would prefer gopher+TLS have a categorical port and only be
> accessible that way, I don't object to probing/upgrading, as long as the
> client is smart about it.

The idea of requiring a specific port number sounds like a complete hack.

Instead, can you not just cache that STARTTLS was successful and then
immediately attempt TLS handshake when you connect next time instead of
doing the STARTTLS upgrade?

Even better, how about you just always try to do a TLS handshake and
cache the failures instead? STARTTLS in reverse, where if the handshake
fails you reconnect without TLS and then don't attempt a handshake again
for a while.

Thanks,
Iain.

Greetings.

Thanks for all the input. I rethought my proposel. For finding a solu‐
tion we can all agree on RFC 1436, which says:

> Equally important, clients do not
> have to be modified to take advantage of a new resource.

This gave me the idea that we should see this from the user/client point
of view, which begins at the URI. With gopher:// the one writing the URI
defines the menu type the way the client should interpret the content
given back. The same could apply for gophers://.

To see my new proposal below keep in mind the two main goals we should
have in gopher:

* Keep the compatibility to the old gopher.
* Allow a simple implementation on really old hardware, which is not able
to run TLS.


## Proposal

I propose that we should introduce »gophers://« schema which tells the
client to use »secure mode« for digging through gopherspace. Clients
might introduce some parameter to first try secure mode, even if »go‐
pher://« is specified as URI schema.

## What does the »secure mode« mean?

We do not need the »STARTTLS« I proposed. The simpler way is like some‐
one said to just connect using TLS. The TLS header is an invalid ASCII
selector and so any compliant server will give back an error. If this
does not succeed the client should / must not try to connect us‐
ing plain gopher. If a server supports TLS should be cached by the
client.


## Examples Of Daily Usage

# Plaintext Gopher
% sacc gopher://bitreich.org

# Secure Mode by default. [not implemented yet.]
# Sacc will try first TLS before plain gopher.
# -s can be easily set as an alias in the shell.
% sacc -s gopher://bitreich.org

# The user tells sacc to use secure mode. [not implemented yet.]
% sacc gophers://bitreich.org

For the ultra secure PKI fighters some option to enforce TLS and exit if
it is not available could be implemented too (Example):

% sacc -fs gopher://r-36.net
sacc: Server does not support TLS. Aborting.

% sacc -fs gopher://bitreich.org
sacc: bitreich.org is giving back a self-signed certificate.
[... cert details printed ...]
Do you want to accept and proceed?
[y/n] >

# After a while gophering and someone tries to attack.
% sacc -fs gopher://bitreich.org
sacc: Certificate for bitreich.org changed.
[... cert details printed ...]
Do you want to accept and proceed?
[y/n] >


## Easy Migration (Practical Example)

For bitreich.org I setup all of this without modifying geomyidae at all.

1.) Setup geomyidae to listen on port 72.
2.) Setup stunnel to listen on port 7443 and point to port 72.

With stunnel you get all options for verification and certificate han‐
dling without doubling the code in geomyidae itself.

3.) Setup sslh on port 72 to point to either port 7443 or port 72.

Here is my sslh configuration:

protocols:
(
{ name: "regex"; host: "127.0.0.1"; port: "72"; regex_patterns: [ "^\r\n$", "^\n$", "^.\n$" ]; },
{ name: "tls"; host: "127.0.0.1"; port: "7443"; },
{ name: "anyprot"; host: "127.0.0.1"; port: "72"; },
{ name: "timeout"; host: "127.0.0.1"; port: "72"; }
);

on-timeout: "timeout";

Why the regex? Sslh has some case where if something less than three
bytes is sent tls comes true. We have to handle those cases manually.

Sslh has other options like running vpn, ssh etc. on the same port to
circumvent filtering of censoring networks.

Of course all of this can be implemented in the geomyidae too, but it
should be easy, since only a check for the TLS packet like in sslh[0] is
needed.


## Conclusion

The above proposal should satisfy all use cases. There is a simple up‐
grade route and it will give the user more freedom in choosing how to
walk through gopherspace.

Enforcing pure TLS on all gopher servers is not an option, which means
fallback attacks are possible. Here the client needs to warn users, be‐
cause PKI is about user decision. You cannot trust central certificate
authorities, you only trust the certificates you know, like in SSH.


## RFC

What do you people think about this proposal?


Sincerely,

Christoph Lohmann

[0] https://github.com/yrutschle/sslh.git

Hi,

On 28/02/18 07:55, Kim Holviala wrote:
> Starttls is nice but requires gopher servers to be complied with OpenSSL or similar and will not work with inetd-based servers (because TLS would need to be initialized from scratch for each connection). So it will conpletely kill any simplicity gopher might have had. Dedicated TLS port (7443?) would work with TLS wrappers leaving the gopher server itself simple and the codebase understandable.

You could always have a TLS wrapper that is also happy to not do TLS.

This would allow clients to perform TLS if they wish, or not, and all on
the same port without complicating any codebases.

Thanks,
Iain.

for example for ensuring data integrity


On 02/28/18 09:03, R. A. Pavlov wrote:
> Why would one ever need a secure gopher if gopher client cannot send any
> sensitive info by design? Do I miss something?

Hi,

On 28/02/18 14:12, Cameron Kaiser wrote:
> I'm not aware of any TLS wrapper that knows how to do this (it would require
> a lot of wire-level work to be even possible), and I'm sure many non-TLS
> servers would not respond favourably. With a categorical port, you know
> exactly what you're connecting to and what it's expecting.

With a categorical port you recreate the problems of HTTP where you've
broken URLs when you enable TLS. Instead of http://blah/ you now have
https://blah/ and these are distinct resources. If you are running two
servers, they could have entirely different content and those who have
bookmarks/search indexes or anything referencing a URL would find it
broken when you enable TLS.

Just because such a wrapper doesn't currently exist it doesn't mean that
it wouldn't be possible to create one. It would likely be very easy.

See for example: http://57north.org.uk:443/

Here the server correctly responds to a plaintext HTTP request with a
plaintext HTTP response. It serves an error message explaining that
HTTPS was expected, but there's no reason that you couldn't just have it
serve content instead.

Anyone can just run an wrapper around anything and say you've created a
TLS version but you need to think about what it actually means
semantically in the context of the application. In the case of Gopher I
firmly believe that a separate port, even if not a "fixed" separate
port, is just recreating the problems of HTTP/HTTPS URL breakage and
that we can and should do better.

Thanks,
Iain.

On Wed, 28 Feb 2018 06:12:35 -0800 (PST)
Cameron Kaiser <***@floodgap.com> wrote:

>
> I'm not aware of any TLS wrapper that knows how to do this (it would
> require a lot of wire-level work to be even possible), and I'm sure
> many non-TLS servers would not respond favourably. With a categorical
> port, you know exactly what you're connecting to and what it's
> expecting.
>

Thought about this a bit; I do think that the STARTTLS suggestion would
be harder to write clients for, but I also don't like the idea of
defining specific ports for TLS and plaintext. TLS support can be
easily indicated in the URI by using "gophers://" in place of
"gopher://". In menus, what about specifying this using the host field
instead of the port? For example,
"1example<TAB>/example<TAB>tls://example.com<TAB>70"

Alternatively, there could be a new item-type that is to be interpreted
like the existing '+' mirror type: instead of specifying a duplicate of
the last entry it would specify a TLS version, possibly with the same
host/port.

On 2 Mar 2018, at 6.34, Zachary Lee Andrews <***@gmail.com> wrote:
>
> Just curious if anyone has considered using CAPS.TXT instead of adding more itemtypes or other weird stuff to signal that a server is TLS capable.

Gophernicus does that, unforunately the live example server is gone because it's part of a huuuuuge drug bust :-D

But that still doesn't solve the problem of how to add "TLS cabable" to the menu resources.


- Kim

Hi,

On 02/03/18 08:09, Matt Owen (Jaruzel) wrote:
> Why are we not just following how the introduction of https did it ?
>
> 1. TLS enabled gopher links are prefixed by gophers://

This is the mistake that was made with HTTP that we can avoid. This made
TLS support a special case, meant everyone changing URLs all over the
place, and a whole load of other problems. It implies that Gopher with
TLS is a separate protocol. You're still using the Gopher protocol just
that now it's running over TLS instead of directly over TCP.

HTTP did not repeat this mistake when they started to deploy QUIC+DTLS.
They didn't decide to have http+quic:// URLs, they reused the https://.

> 2. gophers:// links are used in the gophermap file, and shared elsewhere
> in the same manner https:// links are. If the connection to that server
> is already TLS, then it is assumed that all local links in the gophermap
> file that start with a '/' are also TLS.

gophermap doesn't use URLs, it has a host/port combination and a
selector. You literally cannot encode gophers:// in a gophermap unless
you're going to introduce a whole load of new item types, which is not
what item types are for.

> 3. Gopher clients are updated to understand that gophers:// is TLS and on
> a default port of 7443 if no discrete port is specified in the link.

Instead, how about gopher clients are updated to assume all servers
support TLS unless they see evidence to the contrary? I have previously
described a ridiculously simple method for multiplexing TLS and non-TLS
on the same port (using MSG_PEEK).

> When https was introduced, there wasn't any fancy way of letting older
> browsers downgrade the connection - it just wasn't supported. If users
> wanted to access https, then they had to upgrade their browsers. I don't
> see why supporting TLS in gopherspace should be any different.

There was. You use http:// instead. It was entirely supported and still
is to this day. To this day you're still connecting with HTTP first and
then getting a redirect to HTTPS. You really want to recreate that for
Gopher?

Thanks,
Iain.

Hi,

On 02/03/18 21:01, Michael Lazar wrote:
> I thought this was a nice idea, so I tried implementing it on my python gopher
> server. You can test it out here:
>
> gopher://mozz.us:7005/1/demo-ssl

Awesome. (:

> It was, in fact, very straightforward to accomplish using helpers from the
> python standard library. Here's the code diff if you want to take a look:
>
> https://github.com/michael-lazar/flask-gopher/commit/3777ef92516722f8aad7b858a0c6f931bd875f19#diff-d66156e6e2bebef5659c7aa5593e5ec6R628

Thanks very much for implementing this! This is exactly what I had in mind.

Thanks,
Iain.