Subj : BINKP over TLS
To : Alan Ianson
From : Alexey Fayans
Date : Sat Dec 21 2019 06:30 am

Hello Alan!

On Fri, 20 Dec 2019 at 14:31 -0800, you wrote to me:

 AF>> Let's start talking about "very secure" when there will be a
 AF>> mechanism to verify/trust peers' certificates. Right now it's as
 AF>> secure as plain text.
 AI> Is implicit TLS anything less than very secure?
 AI> How is it "as secure as plain text" ?

It is not secure at all when client cannot verify server's certificate authenticity. Anyone in the middle can issue own self-signed certificate and client will be happy to accept it.

 AF>> Yeah, the problem is that it won't magically start doing that.
 AI> I'm not suggesting magic. For now, nodes who want binkd to listen for
 AI> TLS will need to run a second listener.

For now it's not even an FTS proposal, so we are not talking about now, we are talking about what it can be if done properly.

 AI>>> For a start there is the BinkIT mailer that supports TLS now.
 AF>> Great. How many sysops are using it?
 AI> I have one link using the binkit mailer. How many use it is unknown to
 AI> me.

Not many. I don't have numbers, but I'd guess that binkd runs on like 90% of all binkp nodes. The rest 10% is shared between multi-protocol mailers and some exotic software like BinkIT (I never even heard of it before you named it).

 AF>> Have you seen binkd configuration? Currently it is not possible
 AF>> to define a node supporting two protocols specifying ports. And
 AF>> hardcoding TLS port is not an option obviously.
 AI> Ultimately I would like binkd to listen on port 24553 for incoming
 AI> polls over TLS, and I need a way to configure binkd to poll supporting
 AI> nodes over TLS where it is supported.
 AI> That was an easy sentence to write but may not be so easy to
 AI> implement.

You cannot force everyone to use a single port. At some places that just cannot be done, i.e. when several nodes are sharing a single IP address.

.... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net
--- GoldED+/W32-MSVC 1.1.5-b20180707
 * Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)
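
The point argued in the message above (a TLS client that does not verify the server certificate accepts any self-signed substitute), shown as an added Python example; it is not part of the original message and not code from binkd or BinkIT. Per-node fingerprint pinning is assumed here as one possible "mechanism to verify/trust peers' certificates"; the node address `2:9999/1`, the pin table and the certificate bytes are constructed, and all function names are hypothetical.

```python
import hashlib
import hmac
import socket
import ssl

BINKPS_PORT = 24553  # TLS port proposed in the message above

def unverified_context():
    """TLS that encrypts but accepts any certificate, self-signed included."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # no chain validation at all
    return ctx

def accepts_any_certificate(ctx):
    """Audit helper: True when the handshake cannot reject a substituted cert."""
    return ctx.verify_mode == ssl.CERT_NONE

def fingerprint(der_cert):
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def pin_matches(node, der_cert, pins):
    """True only when the node has a pin and the presented cert hashes to it."""
    expected = pins.get(node)
    if expected is None:
        return False  # unknown node: fail closed
    return hmac.compare_digest(fingerprint(der_cert), expected.lower())

def connect_pinned(host, node, pins, port=BINKPS_PORT):
    """Handshake, then drop the link unless the peer cert matches the pin."""
    raw = socket.create_connection((host, port), timeout=10)
    try:
        # Chain checks stay off; trust comes from the pinned fingerprint.
        tls = unverified_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(node, der, pins):
        tls.close()
        raise ssl.SSLError("certificate for %s does not match its pin" % node)
    return tls

# Constructed stand-ins for DER certificates and a constructed node address.
GENUINE_CERT = b"constructed DER bytes of the uplink's certificate"
SUBSTITUTE_CERT = b"constructed DER bytes of a self-signed substitute"
PINS = {"2:9999/1": fingerprint(GENUINE_CERT)}
```

Because the pin is keyed by node address rather than by port or IP, the check is unaffected when several nodes share one IP address on different ports.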