Alternative transports, philosophy [was: Gemini server logging formats and practices]
solderpunk
solderpunk at SDF.ORG
Thu May 14 21:57:53 BST 2020
On Thu, May 14, 2020 at 01:27:55PM -0700, Dave Huseby wrote:
> This is a great reply. I never troll, I was just trying humor to dissuade Sean but he didn't catch the hint and doubled down. I have no patience for people who cannot be bothered to be neighborly. I've been around in open source long enough to know that trolls like Sean are like graffiti. If you tolerate them, the trolling only gets worse and eventually leads to ruining the neighborhood.

I have to admit to being really confused by this. I thought that Sean
absolutely took your post in the spirit it was intended and replied
well, in that same spirit, and better than I'd hoped. I felt like I'd
stepped in prematurely to try to settle things down. If this is as bad
as the trolling gets around here, I'll be pretty happy.

And for the record, Sean has done a lot to *improve* this neighbourhood
so far.

> My only real criticism for Gemini is that it relies on TLS. I personally believe that all communications should be encrypted by default. Gemini insisting on encryption is good but going with TLS is bad when there are much better choices such as CurveCP.

I'm writing a gemlog post right now which talks about a whole lot of
things related to TLS, including some attempt to justify the decision to
use it. It'll be up soon, and I hope you'll read it.

> Why shouldn't Gemini avoid relying on centralized solutions such as TLS and the CA system?

It's true that not everybody (including myself) has properly implemented
it yet, but Gemini *does* deliberately and explicitly try to avoid
relying on the CA system by permitting clients to use a TOFU security
model. Surely you read that in the spec?

Cheers,
Solderpunk