Comment by π stack
Re: "Without headers, there is no way to detect if documentβ¦"
Spartan has an entirely different way to send data to the server
12 hours ago
8 Later Comments β
π lars_the_bear Β· 11 hours ago:
@stack : true, but it still lacks a way for the server to tell the client how much data to expect, so far as I can see. That's an odd omission, since there's a way for the _client_ to tell the _server_ how much to expect.
I guess the Spartan method is more a PUT than a GET. The advantage of the Gemini way is that you can bookmark a URL with the query string. That's true with HTTP GET as well. Perhaps a protocol should offer both approaches, at HTTP does? But if you start down that road...
@lars_the_bear: I see what you mean. Yes, transmitting the size ahead is really sensible -- you can allocate a buffer or check for available space ahead of time. I often question the rationality (or sobriety) of our founding father.
Why not extend the usage of the mimetype in the response header to include the size?
per gemini spec and mime spec this would be allowed as parameters that are unknown to clients should be ignored.
Hmm. That is not bad.
π gh0stb0ners Β· 9 hours ago:
I see a lot of criticism of TLS, but it is more important for integrity than it is for confidentiality. It seems there are a lot of people here who do not remember the days that ISPs (and others) would insert stuff into html pages in the pre-TLS era. Would this happen to geminispace? Probably not because it's a small fish, but anyone sitting on the wire between you and any non-TLS server has the opportunity.
I would also like to make a note that base64-encoding can be used to largely avoid the conflicts with the URL spec without needing to percent-encode everything. It requires support from both server and client but the mechanism is there.
It seems there are a lot of people here who do not remember the days that ISPs (and others) would insert stuff into html pages in the pre-TLS era.
hm, you have a point - I definitively forgot about this..
Never happened to me.
I agree that TLS should be optional instead of mandatory. I also agree that the header should have an optional size (it should not be mandatory, since sometimes it might not be known e.g. in case of dynamic files). Spartan uses the file format of Gemini but it is a different protocol (although it is probably not a problem if you do not have any dynamic files). I made up the Scorpion which avoids these problems.
About Kepler: One thing I think that Unicode should not be the only character set and that it is not a very good character set, but there are other things to mention.\
3.4: I think that it should not be recommended to redirect from the non-TLS to the TLS or vice-versa (although it might if a client certificate is required; Scorpion instead implicitly does when a 6x response is received but you might prefer to do it differently, especially since the port number might be different for Kepler).
4.1: I agree with 4.1.2. About 4.1.3, I think the MANDATORY warning is unnecessary if the user knows what they are doing (although your intention might be that they don't know, I would think it is better otherwise).
4.2, 4.3, and 4.4 are good.
4.5.2: There might sometimes be situations where this does not work, e.g. if the request must be forwarded to multiple servers (which might or might not be on the same computer), or where the server might have different certificates for different domain names, etc. One possible consequence of this is that client certificates cannot be accepted if the SNI is incorrect. Some servers won't need to care about SNI, but some will need to care for the reasons I specified.
4.5.3: This section is incorrectly numbered as 4.5.2. Maybe it should say SHOULD instead of MAY, although I am not sure and I might be wrong.
4.2.2: I have another comment I forgot to mention. Some files on some servers might potentially require certificates issued by a specific authority, such as the server itself. However, this is not always the case; often, self-signed certificates are good enough. For clients accepting server certificates, this is also sometimes the case, although it would have to depend on an agreement made ahead of time, which usually is not the case.
Original Post
Without headers, there is no way to detect if document exist: for example, zip archive is always downloading with 9 bytes of size. Yet another problem: even the protocol is Unicode oriented, URL-encoded links are unuseful. Madness! I need Gemini without TLS just.