## Gopher over TLS and spreading the revolution

Seamless encryption in the gopherspace!

     .-,          [+]         _l=l_
    (("))        (("))i       (("))
   __/ \/       __/_\/       __/.\/
    /___\        /___\         |:|
    _| \_        _| \_        _| \_

Ivan J. <parazyd@dyne.org>

## Gopher over TLS - Why

* We're in 2021
* Privacy & security ️️(tm)
* Fight police terror and surveillance
* Tor isn't always convenient
* Opens a path to secure services on Gopher

## Gopher over TLS - What

* Community-adopted protocol
* No changes to the existing gopher protocol
    * Instead simply encapsulated with TLS
    * Optional(!) differentiation with URI (gopher|gophers)

* No need to change specification, protocol, nor port!


## Gopher over TLS - Server abstract

             record        handshake    client
             header         header      version
    recv: [16 03 01 00 a5, 01 00 00 a1, 03 03, .......]
#pause
           |
           V             
    (bytes[0] == 0x16)


## Gopher over TLS - Server abstract

             record        handshake    client
             header         header      version
    recv: [16 03 01 00 a5, 01 00 00 a1, 03 03, .......]
           |
           V             (true) initialize tls context and serve
    (bytes[0] == 0x16) ----<
#pause
                         (false) serve over plain text (or refuse)

## Gopher over TLS - How

* Example:

    $ printf "/brcon\r\n" | nc parazyd.org 70
    $ printf "/brcon\r\n" | gnutls-cli parazyd.org:70


## Gopher over TLS

* We have a plan. Let's implement it!

## Five steps to domination

1. Gain understanding of core infrastructure
#pause
2. Write patch for core infrastructure
#pause
3. Get it upstream
#pause
4. Advocate this to other software using "core infrastructure"
#pause
5. Get it everywhere

## Example 1. - curl

* Arguably the most used software for data transfer with
  various protocols
* Influential
* Written in C

## Example 1. - curl

Git commit: a1f06f32b8603427535fc21183a84ce92a9b96f7
configure.ac  |  3 +++
lib/gopher.c  | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
lib/gopher.h  |  3 +++
lib/url.c     |  3 +++
lib/version.c |  3 +++
5 files changed, 62 insertions(+)

## Example 1. - curl

* Reuse the existing Gopher protocol implementation
* Add a "gophers://" handler which is existing gopher code, plus TLS
* Explain the protocol is useful and adopted
#pause

* Merged in November 2020
* First mainstream software to include Gopher over TLS support

## Example 2. - ffmpeg

* The most widely used media tools and library
* Influential
* Written in C

## Example 2. - ffmpeg

Git commit: 51367267c8a9f1a840f5e810f8c788e6e03712a5
Changelog                 |  1 +
configure                 |  1 +
doc/general_contents.texi |  1 +
doc/protocols.texi        |  6 ++++++
libavformat/Makefile      |  1 +
libavformat/gopher.c      | 30 ++++++++++++++++++++++++++----
libavformat/protocols.c   |  1 +
libavformat/version.h     |  2 +-
8 files changed, 38 insertions(+), 5 deletions(-)

## Example 2. - ~~curl~~ ffmpeg

* Reuse the existing Gopher protocol implementation
* Add a "gophers://" handler which is existing gopher code, plus TLS
* Explain the protocol is useful and adopted (and merged by curl)
#pause

* Merged in February 2021

## Post-domination, pt.1

* Now at state where a core tool has support for Gopher over TLS
#pause

Let's see what happens with a project that uses curl:


## feh

* Solid, minimal image viewer
* Uses libcurl to fetch pictures from the Internet
* No gopher support at all!
* Written in C

## feh - the patch

Git commit: 7cb8ce10e542f27b176b6ecfb1a1ff114d9fef2d
diff --git a/src/utils.c b/src/utils.c
index 087e7f62..eb128a23 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -146,6 +146,8 @@ char *estrjoin(const char *separator, ...)
 char path_is_url(char *path) {
    if ((!strncmp(path, "http://", 7))
            || (!strncmp(path, "https://", 8))
+           || (!strncmp(path, "gopher://", 9))
+           || (!strncmp(path, "gophers://", 10))
            || (!strncmp(path, "ftp://", 6))
            || (!strncmp(path, "file://", 7)))
        return 1;

## Post-domination, pt.2

* Now at state where multiple core tools have support for
  Gopher over TLS
#pause
* And a downstream project using a core tool supports
  Gopher over TLS
#pause

Let's see what happens with a project that uses ffmpeg:

## mpv

* Widely-used media player
* Works on commandline, and in GUIs
* Probably using it to listen to brcon audio stream
* Supports Gopher, but not Gopher over TLS
* Written in C

## mpv - the patch

Git commit: 6a903a9a087e9639eb3323a7e5adeb49871011af
diff --git a/stream/stream_lavf.c b/stream/stream_lavf.c
index 1c7fd35ae2a..27a948d5e5c 100644
--- a/stream/stream_lavf.c
+++ b/stream/stream_lavf.c
@@ -413,7 +413,7 @@ const stream_info_t stream_info_ffmpeg = {
   .protocols = (const char *const[]){
      "rtmp", "rtsp", "rtsps", "http", "https", "mms", "mmst", "mmsh", "mmshttp",
      "rtp", "httpproxy", "rtmpe", "rtmps", "rtmpt", "rtmpte", "rtmpts", "srt",
-     "srtp", "gopher", "data",
+     "srtp", "gopher", "gophers", "data",
      NULL },
   .can_write = true,
   .stream_origin = STREAM_ORIGIN_NET,

## Post-domination, pt.3

* Now at a state where multiple core tools, widely-used software,
  and enthusiast projects have support for Gopher over TLS!

## Taking the role of dominatrix

* Find mainstream software and libraries that could benefit from
  Gopher over TLS
#pause
    * Difficulty level 4/10
    * Satisfaction level 10/10
#pause

* Find downstream projects using core tools that already have
  Gopher over TLS support and add this support to project-of-choice
#pause
    * Difficulty level 1/10
    * Satisfaction level 10/10

## Outro

    #job

Thanks for listening!