Subj : Binkd and TLS
To   : Michiel van der Vlist
From : Alan Ianson
Date : Tue Dec 17 2019 02:19 am

Hello Michiel,

MV> Then what problem ARE we trying to fix?

We are not trying to fix problems. We are trying to be secure.

MV> Apples and oranges. Nobogus solved problems created by rogue CLIENTS.
MV> TLS does not protect against that. It only authorises the /server/,
MV> not the /client/.

TLS needs to be supported and used by both client and server.

AI>> TLS certainly offers better security. No question.

MV> So you say. But merely claiming it is "better" is just like claiming
MV> aluminium is "better" than copper.

MV> In what way is TLS "better"? A claim of "better" security has to be
MV> more specific than just that. Better than what? Better against what
MV> threats and by whom?

I can't answer why, I don't know all the reasons why. TLS is the standard method used today to secure traffic on the internet, and I would like to be secure.

We could also just stand still and see how it goes. I am just being proactive WRT security.

AI>> It does require some setup. Synchronet's BinkIT mailer currently
AI>> has support for a binkps listener setup like this in Synchronet's
AI>> services.ini

MV> The world of Fidonet is bigger than Synchronet (Thank god). You make
MV> it sound like "Synchronet supports it, so it must be a good thing".
MV> Sorry, I am not of the "Synchronet is better" club.

True. I want us all to be secure regardless of our choice of software.

AI>> This was all done without changing binkp. We have simply put
AI>> binkp on a secure channel.

MV> But why? I still have no answer for that. Let me put it this way:
MV> If binkd over TLS is the solution, what is the problem?

There is no problem here that we are trying to solve. Binkd currently supports an option called CRYPT, for the purposes of security. That was a good option when it was implemented. Today TLS is used for the purposes of security. I could be all wrong but I think TLS is a better option, that's all.

Maybe I said that wrong. How about this. Binkd's CRYPT option is weak (by today's standards). Maybe we should think about using something more up to date, like TLS.

Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
 * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)