/~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~\

So, I'll be honest. I've been thinking about some things said about using TLS
for Gopher, and various ways to secure it, and... Well, an incident today 
reminded me of just what that would do for some people.

In all its "glory", Mozilla decided that gatekeeping add-ons via an 
intermediary certificate would be a bright idea, only to have that backfire as
someone forgot to renew said cert[1]. As someone who uses Firefox 45.9.0 ESR
on MacOS 10.6 (can't go higher), I wasn't affected. In fact, unless you run
Quantum, you won't be affected.

Granted, Firefox isn't even the main browser on any of my machines. That would
be SeaMonkey[2]. The continuation of Netscape/Mozilla Suite, in all of its
loveliness. But I digress.

So, when it was brought up about using TLS for Gopher, my first thought was
"This is a great idea!". At least until I remembered about TLS-pocalypse. See,
not everyone uses an absolutely modern system to access the web, much less 
gopher. The idea that gopher is accessible on systems running even DOS is a
great way for people with retro machines to get to content without the need for
proxies, since it's not relying on an encryption system that would practically
melt older devices.

In fact, I could probably get onto a gopher server using my ancient HTC TyTN II
smartphone (Windows Mobile 6.1) if I wanted to. 128MB of RAM should be enough,
right?

Yet, if we start putting Gopher behind that encryption without an alternative,
like the web has done, those older systems become a little less useful for
everyone who owns them. I mean, it's thanks to the continued use of FTP, BBSes,
Telnet, Gopher, and older HTML standards that an iMac G3 with MacOS 9.x can
still be useful today outside of games.

TLS 1.3 (RFC 8446[3]) is going to be one of those things that can/will make
some perfectly usable machines a little more useless, and to me, that's kinda
sad, given the computers themselves would still work.

Of course, an "https proxy" is also a solution, but how many of us would be
willing or able to set up a server to handshake for TLS encryptions in place of
a machine that can't? It's not that it'd be expensive, since a Raspberry Pi 0
server could do that (along with Tor). But that also requires upkeep and extra
hardware that someone might not be willing to put up with.

I want encryption for those that desire it, but I'd also like the option to
have an unencrypted version if I need it. I mean, it'd be little more than a
simple courtesy at that point, but it'd be nice to have. Certainly more than
most web devs and browser makers would give to their users, anyway.

\~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~x~/

[1]: https://www.engadget.com/2019/05/03/firefox-extension-add-on-cert/
[2]: https://www.seamonkey-project.org/
[3]: https://tools.ietf.org/html/rfc8446