Subj : Binkd and TLS
To   : Richard Menedetter
From : Michiel van der Vlist
Date : Tue Dec 17 2019 01:29 pm

Hello Richard,

On Tuesday December 17 2019 12:36, you wrote to me:

 MV>> Apples and oranges. Nobogus solved problems created by rouge
 MV>> CLIENTS. TLS does not protect against that. It only authorises
 MV>> the /server/, not the /client/.

 RM> Nope.
 RM> You can authenticate the client as well.

Yes, I know, it can be done. But TLS was designed around a client/server model 
and authentication of the client is not standard.

 RM> But naturally then every client needs a signed certificate, and the
 RM> server needs to verify that client certificate.

Indeed. And what is the added value of that? Session and packet passwords have 
ended anonymus mailbombs and other bad stuff. Binkp's CRYPT protects against 
unauthorised listeners on the channel. I am not aware of binkp's security being 
compromised.

Plus that I still wonder what we are protecting against whom. Do we really need 
10 cm armour and triple locks to protect Fidonet content?


Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20170303
 * Origin: http://www.vlist.eu (2:280/5555)

.