[gopher] TLS situation in gopher [was: Re: Gophernicus 2.4

Cameron Kaiser spectre at floodgap.com
Tue Feb 14 03:08:08 UTC 2017


> Here the client caches the information (caps.txt really) that server:7070
> is TLS and every connection to server:7070 should be made using TLS.

What this really means is we need HSTS for Gopher, i.e., a site that was
detected to be gopher+TLS should never be downgraded, and optimally there
should be a preloaded list in gopher+TLS clients so that (like the S-T-S
header in HTTPS) there is less chance of a "first time caps.txt" attack,
which the simplicity of the protocol would make trivial to a wire attacker.

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckaiser at floodgap.com
-- Put down your guns, it's Weasel Stomping Day! ------------------------------
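
An added example, not part of the original message and not taken from any gopher client: a minimal sketch of the HSTS-style policy the message describes, where a host:port once seen with TLS is never downgraded and a preloaded list covers first contact. The class `TlsPinStore`, the `advertises_tls` and `handshake_ok` inputs, and the sample host are hypothetical, and parsing caps.txt is assumed to happen elsewhere.

```python
"""HSTS-style TLS pinning policy for a gopher client (illustrative sketch)."""
import json

# Constructed sample preload list; the host is a placeholder, not a real deployment.
PRELOADED = {("gopher.example.org", 7070)}


class TlsPinStore:
    """Remembers which host:port pairs must always be contacted over TLS."""

    def __init__(self, preloaded=PRELOADED, pins=None):
        self.preloaded = set(preloaded)
        self.pins = set(pins or [])  # learned on first contact (trust on first use)

    def must_use_tls(self, host, port):
        key = (host.lower(), port)
        return key in self.preloaded or key in self.pins

    def decide(self, host, port, advertises_tls, handshake_ok):
        """Return 'tls', 'plain' or 'refuse' for one connection attempt.

        advertises_tls: what the server's capability data claimed this time
                        (hypothetical boolean; caps.txt parsing is out of scope).
        handshake_ok:   whether a TLS handshake to host:port succeeded.
        """
        if self.must_use_tls(host, port):
            # Pinned: a missing advertisement or a failed handshake is treated
            # as a possible downgrade by an on-path attacker, so fail closed.
            return "tls" if handshake_ok else "refuse"
        if advertises_tls and handshake_ok:
            self.pins.add((host.lower(), port))  # never downgrade from now on
            return "tls"
        # First contact with no pin: the window a preload list narrows.
        return "plain"

    def dump(self):
        """Serialize learned pins so they survive client restarts."""
        return json.dumps(sorted(self.pins))

    @classmethod
    def load(cls, text, preloaded=PRELOADED):
        return cls(preloaded, [tuple(p) for p in json.loads(text)])
```
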


