[gopher] Capability files are dangerous

Jacob Dahl Pind rachael at telefisk.org
Mon May 14 09:15:55 UTC 2012


On Mon, 14 May 2012, Denis Bernard wrote:

> Capability files are dangerous!

this reminds me of the classical pop up with danger!! you are broadcasting 
your ip!!!11!1einself

<snip>

>  Until today, any Gopher client was able to deal with any Gopher server
> (more or less). The spirit of Gopher is to keep it as simple as
> possible and, mainly, for retrieving files anonymously. Until today, it
> was impossible, for an administrator of a Gopher server, to know which
> flavor of a Gopher client was browsing its site. The only information
> available was from the IP address. Now, with a capability file like
> "caps.txt", there is a fingerprint. Without being paranoid, everybody
> has heard of web sites serving contents (or refusing to serve!) according
> to the software or the system that the client has. That will happen for
> the Gopher space too!

As caps.txt is server side, I fail to see how it relates to serving data to 
a client; the server has no idea what it's talking to, unlike the user-agent 
string in the HTTP world.

<snip>
>
>  A capability file offers interesting information about the Gopher
> server software version that you run and its hardware. Knowing the
> version of the capability file, the version of the software of the
> server, it is easy to deduce how lazy or incompetent the administrator
> is.
>

That is the typical snake-oil security argument: you must not tell people 
what you are running, and then disregarding the ability of TCP/IP 
fingerprinting from nmap and co.
Hell, even without that there are only so many gopher servers out there, 
and they all have more or less identifiable features.

>  You can find, in a capability file, private information provided
> by its unadvised administrator like the geographical position of its
> server. So, if somebody claims that you are serving a file under a
> copyright that you don't hold, knowing the city where the server runs,
> he can easily find the door of the competent justice court. If you do
> not provide that kind of information, jurists will have to ask the
> Internet provider who you are according to your IP address (supposing
> your domain name is kept in anonymity). It takes time and they need to
> have strong motivation to do that.

Cameron's proposal is a simple file; it doesn't magically get the 
information out of the blue. It's information that you as an admin either 
have to enter into a file yourself, or in the case of gophernicus you can 
let it generate it automatically, again only with information you supply it.
Descript, admin and geolocation are optional fields.

But even without that geolocation field, unless you happen to run your 
server over a tor network, it ain't terribly hard these days to figure out 
where in the world an IP is based.

>  Providing a precise resource at a root Gopher server, like a well
> known capability file, makes this server vulnerable to a massive
> attack. Until today, if a Gopher server is flooded by requests, it
> just has either to display a root menu file (gophermap) or an error
> message. The other resources can stand on other servers: thanks to
> the Gopher protocol being a distributed system! If you provide a
> capability file, your server must reply with the full content of
> this additional file requested. You can tell me that is the same
> with a resource that doesn't exist: server replies with a short
> message of one line. But, for a capability file, the reply is much
> longer than an error message. And do not forget that: next year,
> you will have to play with 10 flavors of capability files!

Again, the caps file is just a file; gopherd servers can choose to implement 
it as a special case or just as a hardcoded file. So nothing changes there.


>  You are advised, now. Have fun!

I have nothing but fun.


Regards 
--
Jacob Dahl Pind | telefisk.org | fidonet 2:230/38.8



