Ditching mandatory TLS
colecmac at protonmail.com
Sat Jul 4 16:01:32 BST 2020
Hello! I'm in favour of mandatory TLS for Gemini, so let me take a stab
at this.
> - TLS is not convenient for local development
> - TLS is inherently dependent on a centralized oligarchy of CAs
I think you've misunderstood how TLS works in Gemini. Gemini works using TOFU, or
Trust On First Use, which means that CAs are out of the picture, and self-signed
certs can be (and are) used. Generating a self-signed cert is pretty simple for
local dev.
You can learn more about this in the Gemini spec, and also I've just written a post
about how TOFU works in Gemini:
gemini://makeworld.gq/gemlog/2020-07-03-tofu-rec.gmi
> - Baking TLS into the protocol is going to be a bad look when The Next
> TLS comes out
> - Some alternative modes of internet access have built-in encryption
> guarantees: yggdrasil, cjdns, Tor; and for these adding TLS is
> redundant (and arguably worse)
Solderpunk has addressed these concerns on the list before, where he's said that
Gemini was created for the here and now, for the modern, current, internet. I am
involved in the meshnet community, and am all for them succeeding, and yes, TLS
would be an overhead. But right now that is not the situation for the majority of
people, and Gemini is designed to work and be (somewhat) secure *today*.
Cheers,
makeworld
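As an added example, not from the original post or from any Gemini client, the TOFU check described above in Python: the first certificate seen for a host:port is pinned by its SHA-256 fingerprint and any later change is refused; the assumed `gemini_request` helper (simplified URL parsing) shows where that check sits in a real connection instead of CA validation.

```python
import hashlib
import socket
import ssl
from typing import Dict, Tuple

# Added example, not the Gemini spec's or any client's code.
# Trust On First Use: key = "host:port", value = SHA-256 of the DER certificate.

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 hex digest of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()

def tofu_check(known: Dict[str, str], host: str, port: int, der_cert: bytes) -> str:
    """Return 'first-use', 'trusted' or 'mismatch'; pins unknown hosts in `known`."""
    key = f"{host}:{port}"
    fp = fingerprint(der_cert)
    pinned = known.get(key)
    if pinned is None:
        known[key] = fp          # first contact: remember what we saw
        return "first-use"
    if pinned == fp:
        return "trusted"
    return "mismatch"            # certificate changed: never proceed silently

def gemini_request(url: str, known: Dict[str, str], timeout: float = 10.0) -> Tuple[str, bytes]:
    """Fetch a gemini:// URL (assumed helper) using the TOFU pin as the trust decision.
    Returns (tofu_status, raw_response); raises if the pinned certificate changed."""
    host = url.split("//", 1)[1].split("/", 1)[0]   # simplified: no userinfo/IPv6 handling
    port = 1965                                      # Gemini default port
    if ":" in host:
        host, port_s = host.rsplit(":", 1)
        port = int(port_s)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # no CA chain is consulted...
    ctx.verify_mode = ssl.CERT_NONE   # ...the fingerprint pin below decides trust
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            status = tofu_check(known, host, port, tls.getpeercert(binary_form=True))
            if status == "mismatch":
                raise ssl.SSLCertVerificationError(f"pinned certificate changed for {host}:{port}")
            tls.sendall((url + "\r\n").encode("utf-8"))   # Gemini request line: URL + CRLF
            chunks = []
            while True:
                data = tls.recv(4096)
                if not data:
                    break
                chunks.append(data)
    return status, b"".join(chunks)
```

A real client would persist `known` to disk and, as the spec notes, treat an expired pinned certificate differently from an unexpected swap.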