----------------------------------------
encrypting gopher
June 08th, 2019
----------------------------------------

:-------- Encryption for gopher ------:

I thought I'd write up my current thoughts on encryption for gopher. 
I'd like to hear your responses too so just talk about it on the 
#gopher tag on fediverse.

:-------- Current situation ----------:

(You can skip this section if you are familiar with basic network 
security and cryptography concepts)

Currently gopher is not encrypted, it's plaintext. This means that 
under a reasonable threat model gopher lacks the security properties:

* Integrity meaning that the data you're trying to access is 
unmodified.
* Authentication meaning that you can be sure you're accessing data 
from the location you believe you are.
* Confidentiality meaning that the data is secret or private during 
transit.

The threat model I have in mind is the standard "man in the middle" - 
somebody is able to stop every packet between you and the gopher 
server and inspect and edit it. When you have all 3 security 
properties the only thing that the man in the middle can really do is 
send you garbage data or deny you service.

How realistic is this threat model though? Is anybody trying to mess 
with us when we read gopher phlogs? How would anybody even do this?

Well, to my knowledge there's only really 2 real life instances you 
need to worry about (I'd welcome corrections if networking people can 
tell me about something I missed):
* Your ISP is providing you internet and can log everything you 
access, or even use deep packet inspection to MITM/modify your 
traffic - in practice I think this is very expensive and pretty rare. 
Although some nasty ISPs have been injecting adverts into HTTP 
traffic at times.
* Script kiddies on your local network (e.g. if you are gopher 
browsing at starbucks) that are either just sniffing traffic or using 
something like Cain And Abel to ARP spoof and MITM your connections.

So I think these security properties are nice to have but not 
essential! It has been said by @solderpunk that IF we had more 
security gopher would be used for more serious things. I think that's 
true and it counts as a plus for encryption.

With encryption a gopher server is required to do a brand new 
cryptographic computation for every request, to prove the document 
comes from that server. Without encryption you can just send the same 
plaintext to everybody.

:--------- Existing solutions -------:

There are a few tricks you can do to get encrypted gophers today!

The best one - I think - is to use torsocks when launching your 
gopher client and accessing .onion URLs. The .onion URL is a public 
key so this provides the authentication. Then the tor system does all 
sorts of encryption and even provides a fourth security property 
which wasn't mentioned yet: Anonymity. Some will say this is 
"overkill" but doesn't "overkill" solve the problem?

You could also use an ssh tunnel and then connect to the gopher on 
localhost. ssh handles authentication and secrecy and all that. 
Similar to the .onion approach this is a nice UNIXY solution that's 
orthogonal to the gopher clients. The gopher clients required no 
modification, no new code at all. Then there is also the option of 
making some kind of invite-only cooperate VPN where a group of 
trusted people can connect.

:----------- TLS proposals ----------:

A lot of people have suggested using TLS for securing gopher. It has 
been tried out by some (and sometimes in an insecure way which admits 
a downgrade attack).

There's positives to this idea: HTTPS has used it well. The 
certificate infrastructure is well understood and thanks to 
letsencrypt is no longer a protection racket.

But there are also negatives to it: Nobody can realistically 
implement TLS. You would be forced to depend an existing library. 
Also the TLS system would get tangled up into your client and server 
code, this could be easy to get wrong too.

I think the negative is really important and violates the spirit of 
gopher.

:----------- A way forward ----------:

So in summary, I think encryption isn't super important. Gopher is 
great as it is and if something is good don't mangle it. But it would 
be nice to add encryption somehow! We should do it in a way that the 
community agrees on. To keep in the spirit of gopher we should figure 
out a simple encryption system that a normal programmer can implement 
in a weekend. This is totally possible to do with strong security - 
but this system isn't TLS.