From: "Gopher-Project" <gopher-project-bounces+rachael=telefisk.org@lists.alioth.debian.org>
       Date: Tue Feb 14 04:08:26 2017
       Subject: Re: [gopher] TLS situation in gopher [was: Re: Gophernicus 2.4
       
       > Here the client caches the information (caps.txt really) that server:7070
       > is TLS and every connection to server:7070 should be made using TLS.
       
       What this really means is we need HSTS for Gopher, i.e., a site that was
       detected to be gopher+TLS should never be downgraded, and optimally there
       should be a preloaded list in gopher+TLS clients so that (like the S-T-S
       header in HTTPS) there is less chance of a "first time caps.txt" attack,
       which the simplicity of the protocol would make trivial to a wire attacker.
       
       -- 
       ------------------------------------ personal: http://www.cameronkaiser.com/ --
         Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckaiser@floodgap.com
       -- Put down your guns, it's Weasel Stomping Day! ------------------------------
       
       _______________________________________________
       Gopher-Project mailing list
       Gopher-Project@lists.alioth.debian.org
       http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/gopher-project
       Thread start
 (DIR) [gopher] Gophernicus 2.4 "Millennium Edition" released
 (DIR) Followup: Re: [gopher] Gophernicus 2.4 "Millennium Edition" released