
Gemini requires SNI. Major design flaw, IMO. It should be optional. AFAIK there are no gemini sites that support TLS1.3 with ESNI/ECH.^1 That means every hostname gets sent in plaintext over the wire. No exceptions. (Not every site owner is going to do virtual hosting, yet every client request must send SNI anyway. That is dumb.)

Tracking a user's complete browsing history would seem quite easy unless sites add padding to disguise file sizes.

At least with HTTP, most Cloudflare-hosted sites will support ESNI. Plus there are some other workarounds to avoid SNI on other sites. Better than nothing.

1. Putting an ECH-enabled proxy in front of gemini servers may be one solution. https://defo.ie

Gemini is not finalized yet, but by the time it is it will most probably standardize 1.3

From solderpunk, the founder: "When I started Gemini I dearly wanted to specify that TLS 1.3 be the minimum allowed version of TLS."

https://lists.orbitalfox.eu/archives/gemini/2021/007539.html

> AFAIK there are no gemini sites that support TLS1.3 with ESNI/ECH

gemini://gemini.bortzmeyer.org/software/lupa/stats.gmi : 86 % of the capsules use TLS 1.3, 14 % use TLS 1.2.

Not sure about ESNI/ECH stats but TLS 1.3 is pretty widely used.
