[rhabarba]

Unpopular opinion: Gemini is Gopher done wrong. There is no need for a TLS layer in a protocol that won't let you POST, and there is nothing Gemini can do that Gopher(+) could not, except that it features "some" formatting - and then again, why not just stick with HTML?

There's no place for Gemini.

[halicarnassus]

TLS assures that nobody can tamper with the payload during transit. And while there's no POST, you can still post limited amount of data, which the linked article talked about.

Gemtext is a hyperlink format, Gopher is plain text. And some formatting takes you a long way.

HTML cannot easily be read in TUIs and needs layout engines only billion dollar companies can maintain.

[teruakohatu]

Without TLS you cannot be sure the content was not modified after it was sent to you but before you received.

It is a reasonable requirement in the 2020s.

[jumpyjumps]

If it's self signed and TOFU you can't be sure there was no proxy in the middle on first use though.

[junon]

Self signed != inherently insecure. If you have the public key, verified it, and you want to make sure that you're getting content directly from the server, you can do just that. It's just not got a chain of trust with root certs that are built into the browser.

[jumpyjumps]

My point is how do you get the public key if you can't trust what has been published? You can't trust the gemini site, you'd have to use another protocol, such as HTTPS signed by a CA in order to verify the public key you are being given was actually signed by the author and not someone in the middle rewriting the authors gemini content.

[rhabarba]

I see my mistake. Sorry.

[satchlj]

> There is no need for a TLS layer in a protocol that won't let you POST

You don't need POST. You have queries (and many Gemini people use Titan as well).