---------------------------------------- encrypting gopher June 08th, 2019 ---------------------------------------- :-------- Encryption for gopher ------: I thought I'd write up my current thoughts on encryption for gopher. I'd like to hear your responses too so just talk about it on the #gopher tag on fediverse. :-------- Current situation ----------: (You can skip this section if you are familiar with basic network security and cryptography concepts) Currently gopher is not encrypted, it's plaintext. This means that under a reasonable threat model gopher lacks the security properties: * Integrity meaning that the data you're trying to access is unmodified. * Authentication meaning that you can be sure you're accessing data from the location you believe you are. * Confidentiality meaning that the data is secret or private during transit. The threat model I have in mind is the standard "man in the middle" - somebody is able to stop every packet between you and the gopher server and inspect and edit it. When you have all 3 security properties the only thing that the man in the middle can really do is send you garbage data or deny you service. How realistic is this threat model though? Is anybody trying to mess with us when we read gopher phlogs? How would anybody even do this? Well, to my knowledge there's only really 2 real life instances you need to worry about (I'd welcome corrections if networking people can tell me about something I missed): * Your ISP is providing you internet and can log everything you access, or even use deep packet inspection to MITM/modify your traffic - in practice I think this is very expensive and pretty rare. Although some nasty ISPs have been injecting adverts into HTTP traffic at times. * Script kiddies on your local network (e.g. if you are gopher browsing at starbucks) that are either just sniffing traffic or using something like Cain And Abel to ARP spoof and MITM your connections. So I think these security properties are nice to have but not essential! It has been said by @solderpunk that IF we had more security gopher would be used for more serious things. I think that's true and it counts as a plus for encryption. With encryption a gopher server is required to do a brand new cryptographic computation for every request, to prove the document comes from that server. Without encryption you can just send the same plaintext to everybody. :--------- Existing solutions -------: There are a few tricks you can do to get encrypted gophers today! The best one - I think - is to use torsocks when launching your gopher client and accessing .onion URLs. The .onion URL is a public key so this provides the authentication. Then the tor system does all sorts of encryption and even provides a fourth security property which wasn't mentioned yet: Anonymity. Some will say this is "overkill" but doesn't "overkill" solve the problem? You could also use an ssh tunnel and then connect to the gopher on localhost. ssh handles authentication and secrecy and all that. Similar to the .onion approach this is a nice UNIXY solution that's orthogonal to the gopher clients. The gopher clients required no modification, no new code at all. Then there is also the option of making some kind of invite-only cooperate VPN where a group of trusted people can connect. :----------- TLS proposals ----------: A lot of people have suggested using TLS for securing gopher. It has been tried out by some (and sometimes in an insecure way which admits a downgrade attack). There's positives to this idea: HTTPS has used it well. The certificate infrastructure is well understood and thanks to letsencrypt is no longer a protection racket. But there are also negatives to it: Nobody can realistically implement TLS. You would be forced to depend an existing library. Also the TLS system would get tangled up into your client and server code, this could be easy to get wrong too. I think the negative is really important and violates the spirit of gopher. :----------- A way forward ----------: So in summary, I think encryption isn't super important. Gopher is great as it is and if something is good don't mangle it. But it would be nice to add encryption somehow! We should do it in a way that the community agrees on. To keep in the spirit of gopher we should figure out a simple encryption system that a normal programmer can implement in a weekend. This is totally possible to do with strong security - but this system isn't TLS.

Proxy too slow? Get free clients and plugins for your favorite mobile and desktop browsers. Visit the Overbite Project.