gemini://://carcosa.net/journal/20201228-nntp-successor.gmi
#

A successor protocol to NNTP?

##

Why I love NNTP

I got on Usenet about a year before the Eternal September began. In the time since then, I've used a lot of fora, social media sites, and so on, and I still haven't found anything that actually improves on Usenet circa 1992. It had topic-based and local groups, real threading, and let you use your choice of client to read and post.

I'm currently on a private NNTP server, and I really enjoy it, though it would be better with a larger user base; I'm not as active there as I'd like to be for various reasons.

##

Why are you thinking about a successor protocol?

I've been involved in Gemini development for a while, and one thing that keeps coming up is that people want to implement fora for Gemini. I think this is a bad idea for a couple of reasons.

First, Gemini is technically ill-suited for interactive applications. It doesn't have any way of signaling that a request may have side effects, unlike the web, which means that caching, prefetching, and cross-site requests mess up Gemini applications much worse than they do the web; I'd rather Gemini requests be considered idempotent, and only allow dynamic pages without side-effects (like searches or weather forecasts, for example).

Second, I'm of the opinion that the use of the "Web Platform" to develop all kinds of applications, using HTTP(S) for every kind of communication, and treating the browser as a GUI toolkit, is an aberration. Applications should have their own protocols, designed specifically for the application's needs. These protocols should be open, and allow multiple client and server implementations. You should not expect to have one universal client that downloads and runs the *actual* client for every application you use.

The protocol for fora is NNTP. But NNTP was designed in an era before spam, with the same kind of 'gentlemen's agreement' approach to message validation that email has. And it was designed before the world had as much experience with social media. What I'm proposing is a protocol *in the same spirit as Gemini*, without building on Gemini directly – retrofuturistic in the sense that it solves problems we know about in hindsight, without significantly increasing scope or complexity.

##

What would be in a successor protocol?

Basically, I'm thinking of a protocol that solves the problems I know about with NNTP:

1. Not guaranteed 8-bit clean

2. No (or very poor) resistance to forgery; besides allowing forgery,this also makes it harder to block spam.

3. Flood-fill mechanism for propagation of posts is good (because it means servers don't have to always be up), but it might be inefficient. Needs research.

4. Data retention – expiration policy is set by leaf nodes, not origin

a. right to be forgotten (vs)

b. canonical location for archived posts.

5. Cancel messages/newgroup messages/etc are a really awkward way of doing things. If something similar is still required, it should never be visible to users/mods.

Regarding 2, I've heard people say that you should just require pgp signatures,

but then you get non-repudiation, which I consider an anti-feature.

I want messages to be robust enough in format to support the kinds of things a modern forum like Discourse does – inline animated gifs, link previews, etc., but also relatively easy to implement even for terminal clients, and without any hidden security/privacy gotchas. I *think* that MIME messages where the main body is CommonMark with no inline HTML is suitable.

There should be a C2S protocol and an S2S protocol, and they should be related, but not identical.

This is a protocol for public messaging, so if SSL is involved, it is for prevention of censorship and tampering. There should be a standard way for users to specify their private contact information.

##

What *wouldn't* be in a successor protocol

While I would want it to be federated, I don't think I actually want it to be a single global federation like the Fediverse or email. Usenet was global in the sense that it had servers all around the world, but it never was designed to scale to the world-swallowing "everyone on Earth is a user" scale of the Web tech oligopolies like Facebook. Given how every server has to replicate every message for every group it carries, it probably couldn't have.

The Fediverse gets around this by not even trying to carry every message – every server only carries messages from its users and people followed by its users. Secure Scuttlebutt does something basically similar; every user has a "horizon" of what they can see that is basically FOAF.

I don't really want to have anything analogous to follows in this protocol, so there has to be some other way of setting a horizon. I'm leaning towards federating only by whitelist, and not transitively ("give me everything you know about") the way Usenet did. But I'm completely open to suggestions. I'd kind of *like* messages to be globally addressable and reachable by everyone, even messages that wouldn't normally show up in your groups. Or maybe groups shouldn't actually ever be global. I'm conflicted.

##

Responses

I had an email response from a couple people, and sent them an earlier version of the above. One responded with a gemlog entry that can be seen here:

=>A Successor to NNTP