This is sort of a follow-up on a discussion which took place during this year's Old Computer Challenge. You might also consider it "why not SSL" if that works better for you.

For one thing, I don't like the pseudo-markup. Whenever I looked at Gemini back when it was new I thought "that's kinda neat," but the more I thought about it the odder it seemed. After all, I could just write a decent page in HTML and have it accessible to everyone. Maybe it was going more after the gopher crowd (it definitely was), with the biggest advantage being inline links. I never saw much benefit in that, since the only gopher client I'm aware of which doesn't support the "i" type is the original UM client, which nobody has used for longer than I've been alive. You get bold and so on, but everyone knows what you mean when you write *this*.

The interesting part at the time was enforced TLS. This was back when Let's Encrypt was still somewhat novel and culturally there was a big push for TLS everywhere (I suppose there still is in some circles). The way Gemini implements TLS was the genuinely interesting thing. I'm generally of the belief that Gemini's TOFU system is a better one than HTTPS's, despite what the author of cURL thinks.

To explain this, let's go back to the mid '90s. The web is about to explode and one of the defining ideas was "e-commerce." Back then, if you wanted to order something from far away you had to either call a phone line or send a piece of mail saying what you wanted, but the people at Netscape had ideas about doing it over the web. To prevent anyone from reading your credit card number when you sent it, they needed some way to protect secrets shared between the server and you. They came up with SSL, which could easily fit in with how HTTP already worked. The way this works (to oversimplify it) is that when I set up a website, I create two passwords (again, oversimplifying): one that I keep and one that I give away.
When you connect, I prove I hold the one I keep (the private key) by signing part of the opening handshake, you check that signature with the one I give away (the public key), and from there the two of us agree on a fresh one-off key that scrambles the actual pages going back and forth. Because of how this actually works, nobody else can read or alter what we say to each other. That left the problem of authentication, though. We knew our messages back and forth were whole and unread, but how do you know you're talking to me rather than some imposter? This is a much harder problem, and how Netscape decided to solve it was "Certificate Authorities."

You couldn't just make a certificate (the real term for the public half of what I called a "password", bundled with the site's name) and pass it around (well, you could; that's called "self-signed"), but what a trustworthy site would do is go to a Certificate Authority and be verified. The Certificate Authority would say "Yes, this is really who they say they are," Netscape would include these attestations in your browser, and you'd know that your bank is your bank.

This immediately had problems because these CAs are profit-seeking entities who want the most profit for the least effort. For this to be a trustworthy system you might expect that the Certificate Authority would do some actual investigation: make sure this business is real and registered, independently contact people at that business to make sure the request is genuine, and so on. What nearly all of them actually do is check that you control the domain name (like google.com), usually by having you put a token on the server or in DNS. (The pricier "organization validated" and "extended validation" tiers do look at paperwork, but browsers no longer show any special indicator for them, and an attacker only needs the cheap tier.) I can register gppgle.com just fine and get a cert for it, for example. So in practice the only attack a CA really stops is someone getting a certificate for a name they don't control at all, which is a bad attack, to be fair, but a narrow one. It also creates single points of failure: there have been multiple compromises of certificate authorities (DigiNotar in 2011 being the best known) which let the attackers mint certificates for any name they wanted, and every browser trusted them until the CA was ripped out of the trust stores.

Gemini takes a TOFU (Trust On First Use) approach instead. Basically: every cert is self-signed. The client remembers the certificate (or its fingerprint) the first time it sees a host, and you're warned if the certificate changes afterwards.
This should be fine in practice: you can just make your certificate last forever (or near enough) and it'll just work. The flip side is that when you do eventually change it, every returning client sees the warning at once, so you want a plan for that. It'll catch attacks that the CA system won't: if my domain expires and someone renews it before I can, they can get a perfectly CA-valid certificate for it, whereas TOFU would catch the change, at least for anyone who had visited before. The price is blindly trusting on the first visit, and anyone who can sit between you and the server on that first visit gets in for free. This strikes me as a more reasonable and simpler system, which I'd probably only extend with some validation scheme allowing a linear chain of certs, so a client would use my expired cert only to verify the signature on the newer one, but I think that'd be impossible within TLS as it's widely used.

So I like Gemini's system better, but why is this TLS-encrypted in the first place? Hardly anybody serves sensitive information over Gemini. The original idea was to protect your banking and credit card information. For this we need to jump to 2013. There had been pushes to normalize cryptography before then, but with the Edward Snowden leaks there came a sort of general consensus that all traffic on the internet needed to be encrypted to provide a smoke screen. It might be cost effective for the NSA to decrypt *some* traffic, but if it was all encrypted that wouldn't be viable. This is conjecture on my part, but if you think the major western governments don't have access to the root CAs, you're stupid. (Certificate Transparency logs mean a cert minted that way can at least be spotted after the fact; spotting isn't preventing.) In this respect TOFU is better too, but it betrays the lack of a point. There's no smoke screen going on here; authentication and encryption don't matter in a lot of cases, but we're going through the trouble anyway, and in the process making it a lot harder to play with (you can't just telnet to the port and type a request) and shutting out old but still usable machines.
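To make the two ideas above concrete, here is an added example (my own code, not the post's and not any Gemini client's) of what a TOFU client actually keeps and checks: a pin store mapping hostnames to certificate fingerprints, and the "linear chain" extension the post wishes for, where a new certificate is accepted only if its fingerprint is signed by the key inside the currently pinned, possibly expired, certificate. The certificates are self-signed ed25519 certs minted on the spot, and the hostname `capsule.example` is constructed for the demo. The rotation signature has no place in a TLS handshake; it is a hypothetical layer the client would have to fetch separately.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// Verdict is what a TOFU client decides about a presented certificate.
type Verdict int

const (
	FirstUse Verdict = iota // no pin for this host yet: trust it and record it
	Match                   // same certificate as last time
	Changed                 // different certificate: warn the user
)

// PinStore is the client's "known hosts" file: hostname -> SHA-256 of the DER cert.
type PinStore map[string]string

// Fingerprint is the hex SHA-256 of the certificate exactly as sent on the wire.
func Fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// Check is plain TOFU: pin on first sight, accept a match, warn on any change.
// Expiry dates are not consulted at all; the pin is the only thing that matters.
func (s PinStore) Check(host string, der []byte) Verdict {
	fp := Fingerprint(der)
	pinned, ok := s[host]
	switch {
	case !ok:
		s[host] = fp
		return FirstUse
	case pinned == fp:
		return Match
	default:
		return Changed
	}
}

// Rotate is the hypothetical "linear chain" extension, not part of Gemini or TLS:
// accept newDER if its fingerprint is signed by the key in the pinned certificate.
// The pinned cert may be expired; it only has to vouch for its successor.
func (s PinStore) Rotate(host string, oldDER, newDER, sig []byte) error {
	if s[host] != Fingerprint(oldDER) {
		return fmt.Errorf("%s: old certificate does not match the pin", host)
	}
	oldCert, err := x509.ParseCertificate(oldDER) // parsing ignores validity dates
	if err != nil {
		return err
	}
	pub, ok := oldCert.PublicKey.(ed25519.PublicKey)
	if !ok {
		return fmt.Errorf("%s: pinned certificate is not ed25519", host)
	}
	if !ed25519.Verify(pub, []byte(Fingerprint(newDER)), sig) {
		return fmt.Errorf("%s: rotation signature does not verify", host)
	}
	s[host] = Fingerprint(newDER)
	return nil
}

// SignRotation is the server operator's side: sign the successor's fingerprint
// with the outgoing private key before retiring it.
func SignRotation(oldKey ed25519.PrivateKey, newDER []byte) []byte {
	return ed25519.Sign(oldKey, []byte(Fingerprint(newDER)))
}

// SelfSigned mints a self-signed ed25519 certificate for host, the only kind a
// Gemini server needs. Returns the DER bytes and the private key.
func SelfSigned(host string, notBefore, notAfter time.Time) ([]byte, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	return der, priv, err
}

func main() {
	host := "capsule.example" // constructed hostname for the demo
	now := time.Now()
	old, oldKey, _ := SelfSigned(host, now.Add(-48*time.Hour), now.Add(-24*time.Hour)) // already expired
	next, _, _ := SelfSigned(host, now, now.Add(20*365*24*time.Hour))                    // long-lived successor
	squatter, _, _ := SelfSigned(host, now, now.Add(24*time.Hour))                       // someone else's cert for the same name
	store := PinStore{}
	fmt.Println(store.Check(host, old), store.Check(host, old), store.Check(host, squatter)) // 0 1 2
	fmt.Println(store.Rotate(host, old, next, SignRotation(oldKey, next)))                 // <nil>
	fmt.Println(store.Check(host, next), store.Check(host, old))                           // 1 2
}
```

In a real client the DER bytes come from `tls.Conn.ConnectionState().PeerCertificates[0].Raw` after dialing with `InsecureSkipVerify: true`, so the standard chain check is switched off and the pin store is the only verification. The squatter's certificate shows the case the post makes: a CA would happily issue it to whoever controls the name today, but the pinned client still reports `Changed`. The rotation signature is the part TLS can't carry for you; it would have to travel in something like a response header, which is why it stays a wish.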