Subj : Binkd and TLS
To   : Michiel van der Vlist
From : Alan Ianson
Date : Mon Dec 16 2019 02:59 pm

Hello Michiel,

 TK>> Why not? :)

 MV> I can think of several reasons:

 MV> 1) Don't fix it if it ain't broke. I am not convinced yet that binkd's
 MV> security is broke and needs fixing.

I don't think binkd or the binkp protocol are broken and need fixing.

 MV> I am not convinced that TLS offers better protection against snooping
 MV> than what binkd already has. Half of TLS is providing authoritative
 MV> identity to the server. I don't see any value for that in Fidonet.
 MV> TTBOMK there has been no case of someone successfully setting up a
 MV> rogue node and masquerading as someone else. If only because there is
 MV> no business model..

This has happened in the past. nobogus comes to mind.

TLS certainly offers better security. No question.

 MV> 2) It violates the KISS principle. I see little or no added value in
 MV> adding TLS to Binkd. In the case of Binkd it just makes things more
 MV> complicated and prone to misconfiguration and other mishaps.

It does require some setup. Synchronet's BinkIT mailer currently has support
for a binkps listener set up like this in Synchronet's services.ini

[BINKPS]
Port=24553
Command=binkit.js
Options=TLS

That's it for a binkps listener. To poll a node over a binkps capable link
add "BinkpTLS=true" in that node's section of sbbsecho.ini along with the
appropriate port.

The above seems pretty simple to me. I'm hopeful that we can also do this
just as simply with binkd but we'd need some help and input from the binkd
developers.

This was all done without changing binkp. We have simply put binkp on a
secure channel.

 MV> 3) If it were integrated in Binkd it would be one thing, but I looked
 MV> at stunnel for Windows and it exists. But it does not look all that
 MV> easy to implement. There is lots of room for typos and other errors.

Yes, that is what we need.

Perhaps binkd could also listen on port 24553 (or whatever port you choose)
for binkps (binkp over TLS) and an easy way to poll binkps capable nodes,
something along the lines of BinkpTLS=true.

 MV> 4) The stunnel method does not scale well. It has the same problem as
 MV> running an old IPv4 only application via a 6to4 proxy. Incoming is
 MV> easy, outgoing requires a dedicated setting for each destination. Does
 MV> not scale well beyond 10 destinations or so.

I have not been able to figure this out but I see some nodes do this
successfully with binkd. The binkd developers may have a better way.

 MV> 5) A weakness of TLS is that it depends on a third party: the
 MV> Certificate Authority. I don't like to be dependent on a third party.
 MV> Fidonet was designed as a peer to peer network.

I currently use a self signed certificate. I could also get a certificate
from letsencrypt or elsewhere if that would be better.

Do folks still use PGP? Something like that is also possible although we are
stepping away from simplicity again.

 MV> 6) I suspect the main reason for the existence of certificates is that
 MV> it is a business model for those issuing the certificates.

I do have a certificate from letsencrypt that I use for my domain. It hasn't
cost me any extra $$$ to date.

Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
 * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
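The message above makes two technical points worth seeing in code: binkp itself is untouched when it is put on a TLS channel, and a self-signed certificate (point 5) avoids any dependency on a CA only if the polling side pins that exact certificate instead of asking a CA store about it. The following is an added illustration written for this page; it is not code from the message, from Synchronet/BinkIT, or from binkd. It uses only the Python standard library: a binkp frame encoder/decoder, two client trust policies (pinned self-signed cert versus CA-issued cert), and a local listener/poller pair that exchanges binkp command frames over TLS. Assumptions: the `openssl` CLI is on PATH to mint a constructed throwaway certificate, the name `binkps.example` and the frame arguments are made up, and the demo binds an ephemeral localhost port rather than 24553 so it cannot collide with a real mailer.

```python
"""binkp frames carried over TLS (binkps): the frame bytes are unchanged,
only the socket is wrapped.  Python stdlib only.  Illustration, not
binkd/BinkIT code."""
import os
import socket
import ssl
import struct
import subprocess
import tempfile
import threading

# Command codes from the binkp/1.0 frame format.
M_NUL, M_ADR, M_PWD, M_FILE, M_OK, M_EOB, M_GOT, M_ERR, M_BSY, M_GET, M_SKIP = range(11)
BINKPS_PORT = 24553  # port used in the thread; cleartext binkp is 24554


def encode_frame(payload: bytes, command: bool) -> bytes:
    """A binkp frame is a 2-byte big-endian header (bit 15 = command flag,
    bits 0-14 = payload length) followed by the payload."""
    if len(payload) > 0x7FFF:
        raise ValueError("binkp frame payload is limited to 32767 bytes")
    return struct.pack(">H", len(payload) | (0x8000 if command else 0)) + payload


def command_frame(cmd: int, arg: bytes = b"") -> bytes:
    """Command frame: first payload byte is the command code, the rest its argument."""
    return encode_frame(bytes([cmd]) + arg, command=True)


def decode_frame(buf: bytes):
    """Parse one frame from the front of buf.
    Returns (is_command, payload, remaining_bytes), or None if buf is incomplete."""
    if len(buf) < 2:
        return None
    (hdr,) = struct.unpack(">H", buf[:2])
    n = hdr & 0x7FFF
    if len(buf) < 2 + n:
        return None
    return bool(hdr & 0x8000), buf[2:2 + n], buf[2 + n:]


def pinned_client_context(peer_cert_pem: str) -> ssl.SSLContext:
    """Trust policy for a node with a self-signed cert (no CA, point 5 above):
    a cert is required, and only the one pinned out of band is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = False  # the pinned cert, not a DNS name, identifies the node
    ctx.load_verify_locations(cafile=peer_cert_pem)
    return ctx


def ca_client_context() -> ssl.SSLContext:
    """Trust policy for a node with a CA-issued cert (e.g. Let's Encrypt):
    system CA store plus hostname check, the ordinary web policy."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def make_self_signed(dirname: str, cn: str):
    """Constructed throwaway cert via the openssl CLI (assumed to be on PATH)."""
    key, crt = os.path.join(dirname, "node.key"), os.path.join(dirname, "node.crt")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-keyout", key, "-out", crt, "-days", "1", "-subj", f"/CN={cn}"],
                   check=True, capture_output=True)
    return key, crt


def demo_over_tls() -> list:
    """Start a binkps listener on an ephemeral localhost port (not BINKPS_PORT),
    poll it with the pinned-cert policy, send three command frames.
    Returns the (is_command, payload) pairs the listener decoded."""
    with tempfile.TemporaryDirectory() as d:
        key, crt = make_self_signed(d, "binkps.example")  # name is an assumption
        srv_ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        srv_ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        srv_ctx.load_cert_chain(crt, key)
        lsock = socket.socket()
        lsock.bind(("127.0.0.1", 0))
        lsock.listen(1)
        received = []

        def listener():
            conn, _ = lsock.accept()
            with srv_ctx.wrap_socket(conn, server_side=True) as tls:
                buf = b""
                while chunk := tls.recv(4096):
                    buf += chunk
                    while (frame := decode_frame(buf)) is not None:
                        is_cmd, payload, buf = frame
                        received.append((is_cmd, payload))

        t = threading.Thread(target=listener)
        t.start()
        with socket.create_connection(lsock.getsockname()) as raw, \
                pinned_client_context(crt).wrap_socket(raw, server_hostname="binkps.example") as tls:
            tls.sendall(command_frame(M_NUL, b"SYS The Rusty MailBox"))  # constructed
            tls.sendall(command_frame(M_ADR, b"1:153/757@fidonet"))
            tls.sendall(command_frame(M_EOB))
        t.join()
        lsock.close()
        return received


if __name__ == "__main__":
    for is_cmd, payload in demo_over_tls():
        print("command" if is_cmd else "data", payload)
```

Running it prints the three command frames exactly as a cleartext binkp listener would have decoded them; nothing in the frame layer knows TLS is underneath. The security-relevant choice is in the client context: `pinned_client_context` keeps `CERT_REQUIRED` and turns off only the hostname check, so a different certificate at the same address is rejected, whereas dropping `verify_mode` to `CERT_NONE` would give encryption against passive snooping but no protection against a rogue node. With a Let's Encrypt certificate, `ca_client_context` is the right policy and the hostname check must stay on. In an stunnel deployment the same pin goes into the client section's `CAfile`, one section per destination, which is the per-destination setting point 4 complains about.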