2021-07-05
Here it is! But read on for an explanation.
There's no shortage of protocols out there. I've been using gemini for some time now, and I think its steady growth and vibrant community shows that it definitely has a future.
It also has some complexity, albeit not nearly as much as https. And there's been some infected discussions on the protocol mailing list about miniscule details and larger ideas.
TLS and the TOFU validation scheme are probably among the most controversial parts of the protocol, but encryption is also the biggest selling point compared to gopher. Another point of contention is the limited support for client to server information upload in gemini; a design decision made early on and not likely to change.
But if you're not happy with these decisions for some reason (maybe you feel that upload is important, or that encryption hampers old devices as I've previously discussed) you can always create your own protocol.
And wow... A few has sprouted, but pretty much only exist as theoretical products or with a single reference implementation. The two I've found most interesting are mercury, which as far as I know doesn't exist at all outside of a musing post Solderpunk wrote some months ago, and spartan, which I believe only has one reference server and one client.
Until now.
"But what does this protocol have to offer? Why would you implement it??"
I dunno 🤷️ Seemed fun.
It's just a very basic client, similar to gemcall. Both clients are very basic. They can fetch the content from a URL, as long as that content is UTF-8 encoded and finite. But that probably covers more than 95% of all use anyway.
Mozz' page about the spartan protocol (gemini only).
Solderpunk's musing about a "mercury" protocol (gemini only).
My brief explanation of certificate security (gemini only).
My somewhat more opinionated piece about TOFU security (also gemini only).
My thoughts on software obsolescence from a privacy perspective.
gemcall, my CLI client for gemini.
-- CC0 Björn Wärmedal