Subj : Re: BINKP over TLS
To   : Oli
From : Wilfred van Velzen
Date : Sat Dec 14 2019 03:51 pm

* Originally in FIDONEWS
* Crossposted in BINKD

Hi Oli,

On 2019-12-14 08:29:58, you wrote to Rob Swindell:

 RS>> Cool. Next steps are probably to define (or get IANA to assign) an
 RS>> "official" binkps TCP port number. And then maybe a nodelist flag
 RS>> should be defined so nodes supporting binkps (instead-of or
 RS>> in-addition-to binkp) can be automatically identified.

 Ol> There is much more to do for the standardization. An IANA number is the
 Ol> least important.

But we should agree in Fidonet on the default/preferred port to use! So it doesn't have to be specified in the nodelist if you use the default. (24553 is unassigned by IANA)

 Ol> Do we really need an official port number? Or is it better to rely on
 Ol> other ways as many nodes use a non-standard port number anyway:

 Ol> - SRV records (_binkps._tcp should be mandatory)

Not everyone's DNS "interface" is able to set this, I think.

 Ol> - Nodelist flag (INBS?)

You mean IBNS: ? Most flags seem to be a 3 letter combination, so maybe use: IBS: ?

 Ol> - should we allow self-signed certificates? (yes)

With the existence of Let's Encrypt it's not really necessary. But I think it's up to the individuals. As 'client' you should decide for yourself if you really want to connect to a server with a self-signed certificate.

 Ol> - which TLS versions are allowed? (>= TLS v1.3)

I think we should follow common practice on the "wider" internet...

 Ol> - should the client use ALPN?

If necessary. ;) But I have access to a lot of Linux machines, older and newer. But none of the openssl and ncat versions I checked seem to support it...?

Bye, Wilfred.

--- FMail-lnx64 2.1.0.18-B20170815
 * Origin: FMail development HQ (2:280/464)