Ditching mandatory TLS

solderpunk solderpunk at SDF.ORG
Sat Jul 4 17:14:53 BST 2020


On Sat, Jul 04, 2020 at 09:44:16AM -0400, Drew DeVault wrote:
> Unpopular opinion time: Gemini should not have mandatory TLS.

To be honest, I think by now this counts as a pretty popular opinion. :)
 
> - TLS is not convenient for local development

Mostly because the `openssl` tool for making certs is garbage?  I do
hope to write a simple replacement for it for Gemini purposes soon.

> - TLS is inherently dependent on a centralized oligarchy of CAs

I don't think the dependency is inherent, and have tried to push back
against it by explicitly speccing TOFU as a first-class option.  I
admit this has proven to conflict much harder than I expected with the
"simplicity of implementation" idea as it turns out most TLS libraries
are not designed to do anything remotely unorthodox, which is a real
shame.

> - Baking TLS into the protocol is going to be a bad look when The Next
>   TLS comes out
> - Some alternative modes of internet access have built-in encryption
>   guarantees: yggdrasil, cjdns, Tor; and for these adding TLS is
>   redundant (and arguably worse)

I can see the merit of these arguments.  In the context of a protocol
designed for use into the long-term future and by people who are
technically skilled enough that they can set up something like
Yggdrasil, building in TLS is indeed dubious.  But I'm not targeting
that space with Gemini.  There is no shortage of (good!) projects
offering ways to distribute content online which is more private,
more decentralised, and more censorship resilient than Gemini.  They
all come with substantial "cognitive friction" in the form of concepts
that many developers and most users don't, won't or can't understand,
and as such they have all remained small projects and there's a good
chance they always will.  Gemini is by design "radically familiar" and
people don't have to learn any new concepts to build for it or use it.
I believe this is a large part of the reason why Gemini already has a
ridiculous number of implementations and a surprising number of hosts.

While it hasn't yet been codified as an official goal of the project, I
at least have increasingly come to conceptualise Gemini as a "lifeboat
for evacuees from the web", and specifically "a better lifeboat than
Gopher", which a lot of people won't jump to precisely on account of its
total lack of security.  Gemini lets something like "ordinary people"
shift their content off the web onto something vaguely weblike without
having to learn any weird new concepts or do anything strange to their
computer.  This is a valuable thing to have and not a space which has
received much exploration.  Removing mandatory TLS would make Gemini a
much worse lifeboat here and now and I'm reluctant to do this for the
sake of making Gemini a more viable option in a hypothetical future
where everybody is on something like Yggdrasil.

Cheers,
Solderpunk

