Misfin: a smallnet messaging protocol

Misfin is a lightweight messaging protocol, similar to SMTP or WhatsApp. It uses mandatory TLS and the Gemini text format.

The active version of Misfin is called Misfin(C). The best place to talk about implementing misfin is the ##misfin channel on libera.chat

I (satch) am committed to keeping this page up-to-date, accurate and comprehensive. Please contact me at mail@satch.xyz with any corrections. This page was copied in large part from mk270's page.

Misfin(A), Misfin(B), Proposed Misfin(C)

Misfin(A) and Misfin(B) are two version of Misfin, created by Lem, the originator of Misfin, who is currently absent.

There is a community proposal for Misfin(C), negotiated between implementers via IRC. This is still in draft form. Misfin(C) is deliberately incompatible with Misfin(B). This means that conformant Misfin(B) servers will continue to enforce Misfin(B)'s stricter message length limits.

Misfin(C) is in no sense endorsed by Lem, the Misfin maintainer.

Links

Misfin(C)

Current Misfin(C) proposal, "9th draft"

Informal Misfin(C) proposal with reasoning for changes

Minutes for IRC meeting on 2023-12-31

Misfin(B)

Official Misfin site (by Lem who is absent)

Misfin(B) spec

Misfin in general

Misfin interoperability report

Misfin discussions on BBS

Implementations

Clients

Skylab

Skylab is the most feature rich client at the moment, it uses a Gemini frontend. It is a CGI program in Go.

cipres' misfin

This is a Gemini frontend for cipres' server written in Python. It has an address book feature which Skylab does not have.

and gemalaya browser

clseibold's misfinmail

No Active development (contact me if my categorization here is wrong):

misfin-submit

misfin-shell

Reference implementation

Servers

clseibold's misfin-server in Go

cipres' server in Python

No Active development:

reference implementation

Libraries

gemmail-python library by clseibold

clseibold's gembox library in Go

clseibold's gemmail library in Go

clseibold's misfin_client library in Go

No Active development:

Dory, a misfin library in Rust by jeang3nie

Issues

(This list isn't necessarily up-to-date)

messages aren't encrypted at rest / intermediaries can intercept the messages, even though sender likely has the public key for the recipient

mailing lists: only the last hop can be verified

implicit ambiguity re CRLF/LF in the lines part of the misfin(B) spec

TLS libraries are a bit shaky on self-signed certificates, the proffering of non-mandatory certificates, etc

TLS libraries use different ASN1 data types for representing mandatory fields (like subject alt name) required by misfin

the misfin(B) spec could be portrayed as trying to extend Gemtext format

in principle the misfin(B) metadata lines could appear anywhere in the body of the message

there is no obvious way that the holder of a mailbox can attest that the server is authorised to receive messages to that mailbox over misfin

it should be explicit in Misfin(C) that the receiving servers adds the sender and timestamp, not the sender

what support should there be for null-body verification messages

What Misfin is not

Misfin is *not* a protocol for retrieving or manipulating messages stored on a remote server, on behalf of one or multiple clients

Misfin is *not* end-to-end encrypted in the accepted sense of that term, but it *is* mandatorily encrypted and thus protected against middleboxes

There are related protocols for dealing with these two issues:

GMAP

LATSSIAM