social.dark-alexandr.net

There's a trend I've noticed in the past few years. It's tempting when designing new protocols and software (for example, Gemini or Mastodon) to *require* the use of TLS. Privacy is important, and making it non-negotiable in the protocol design is becoming more commonplace.

But TLS is far from perfect. It allows the global certificate authority cabal to subvert your privacy, is burdensome over localhost and some LANs, and many overlay networks (Tor, yggdrasil, cjdns) have end-to-end encryption at layer 3, making TLS redundant. Alternative domain name systems also have problems with mandatory TLS.

Perhaps the compromise position is to require that all connections carry *some* level of privacy guarantees. Forcing TLS is a bad idea if you ask me.