[tech] Plaintext Gemini extension

Artur Honzawa arturh at gmail.com
Wed Mar 10 08:45:07 GMT 2021


Makes sense. Would security be impacted if clients applied TOFU and refused
to downgrade if they had previously established a secure connection?

On Wed, Mar 10, 2021 at 9:33 AM Stephane Bortzmeyer <stephane at sources.org>
wrote:

> On Wed, Mar 10, 2021 at 09:18:14AM +0100,
>  Artur Honzawa <arturh at gmail.com> wrote
>  a message of 25 lines which said:
>
> > Add gemini-plaintext: schema for servers without TLS support.
>
> Each time you have two security levels (encrypted and unencrypted),
> besides added complexity, you have the problem of downgrade attacks
> <https://en.wikipedia.org/wiki/Downgrade_attack>. These attacks have
> plagued all protocols with both an encrypted nd unencrypted version
> (SMTP…), that's why HTTP/3 (and Gemini!) only have one version.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.orbitalfox.eu/archives/gemini/attachments/20210310/390b24c5/attachment.htm>


More information about the Gemini mailing list