########################################
## HTTPS vs HTTP, security properties

HTTPS provides some very important security properties that HTTP does not.

It provides confidentiality, integrity and authentication.

* Confidentiality: What you're loading cannot be snooped on by others.
    Eve is on the same networking as you, and can listen into your
    traffic - but if it's HTTPS they cannot read it. If it was plain HTTP
    they could see what you were looking at and copy your session cookies
    to potentially log in to sites as you.
* Integrity, Authentication: You know that if a document you recieve is
    valid it is unmodified. Mallory cannot set up a man in the middle
    attack and edit the documents in transit, if it was HTTP they could
    do this with arp poisoning/cain and abel - and change all the images
    on the pages you are looking at to rick astley.

Implementing confidentiality requires a cipher and a system for keys,
initialization vectors and such. It's rather involved.

Implementing integrity and authentication is less difficult. It can be
done using a public/private key pair and a hash algorithm.


#############
## Gopher with Trust-on-First-Use Integrity and Authentication

If we want to modify the gopher protocol to get Integrity and
Authentication we could do the following:

* Have a standardized endpoint where you can ask a server what its ssh
  public key is.
* clients can trust these keys when they first contact the server.
* gopher documents can be signed (using ssh-keygen), clients can verify
  these signatures (or ignore them, if you are just making a simple
  implementation with no cryptography code in it).

See here for an excellent post by jvpernis about using ssh-keygen
to sign and verify signatures: https://superuser.com/a/1616656


############
## Issues

The problem with TOFU is that it only works if you contact the real
server without any man in the middle on your first contact.

The advantage of TOFU is that it means an attack has to pull off the
attack on that specific moment to win.

Another issue is key revocation. If a server needs to revoke its key
you will need to trust its new key.


##############
## Conclusion

Overall the TOFU model would add some security to gopher but it is
difficult to trust it as strongly as we trust HTTPS.
The TOFU model is much simpler than the CA model. It would be possible
to create extensions like accessing the SSH public key over HTTPS, but
I feel like a self contained system is preferrable.

Implementations could just invoke the ssh-keygen tool, they would only
need to do this once per document published. Not once per document
served like in the case of HTTPS.
Alternatively they could reimplement the cryptographic primitives
involved. This is not unrealistic, but reimplementing OpenSSL is
unrealistic.

This proposal also allows implementations to just drop the crypto stuff
and still work.

#############
## Elsewhere

This post is also available on my gist blog
https://gist.github.com/rain-1/41c7c0cf54155169c2c9d6a5e1625d65