Subj : Binkd and TLS
To   : Alan Ianson
From : Michiel van der Vlist
Date : Sat Dec 21 2019 12:34 pm

Hello Alan,

On Tuesday December 17 2019 14:32, you wrote to me:

 MV>> "Secure" is meaningless without specifying against WHAT. What
 MV>> threats are we securing against?

 AI> Any and all.

That is not a realistic goal. One cannot effectively defend if one has no idea about who or what is the threat.

 AI> I believe that TLS is an open standard, largely accepted as a secure
 AI> mechanism for internet transport today.

That does not mean it is good or not good for the specific needs of Fidonet.

 MV>> That does not make it better for use in Fidonet. Fidonet is not
 MV>> the InterNet, it just makes use of it.

 AI> There are very few dial-up nodes today. The vast majority of traffic
 AI> today is carried over the internet. That is unavoidable unless we go
 AI> back to dial-up and I don't think that is going to happen.

Sure, POTS is on the way out. Fidonet uses the Internet as the main means of transport. So?

 AI>>> and I would like to be secure.

 MV>> You keep saying that,

 AI> Yes, it is nothing more than that.

Secure without knowledge of the threat is no security.

 MV>> In order to move forward, one first has to know which direction
 MV>> matches "forward".

 AI> The TLS option is a very secure one.

There is no such thing as universal security. I have reason to trust the electronic key that protects my car against theft. It does not protect against a thief breaking into my house to steal the key. It also does not protect against a thief with a tow truck.

 AI>>> Maybe I said that wrong. How about this. Binkd's CRYPT option is
 AI>>> weak (by todays standards).

 MV>> In what way is it weak? Has it been cracked?

 AI> Yes, many years ago.

In the context of Fidonet or in the context of PkZip?

 AI>>> Maybe we should think about using something more up to date,
 AI>>> like TLS.

 MV>> "More up to date" is not better by definition. With governments
 MV>> that keep pushing for backdoors in encryption, "something more up
 MV>> to date" may actually be a step back.

 AI> TLS has been developed in the open so no backdoors there.

1) Open source is no absolute guarantee against backdoors or other weaknesses.

2) The weakness need not be in the protocol itself, it could be in the way that it is used. The weakness in my car key is how well I guard the key. If the key falls in the wrong hands, it is useless for protection.

TLS depends on the integrity of the authority signing the certificates. If the authority is compromised, so are the certificates and the security of TLS. This has already happened with the Diginotar CA.

The main threat in Fidonet has been a malicious sysop masquerading as a trusted party to gain access to the secure inbound. A properly configured Fidonet system has the secure inbound protected by a session password. Session passwords ended the mail bomb. Binkp does not exchange the passwords in clear text. Plus there are packet passwords. TTBOMK this mechanism has been effective in protecting the secure inbound.

Please note that the normal implementation of TLS (certificate for the server only) does not protect against the main threat of Fidonet: someone masquerading as a trusted party to gain access to the secure inbound.

Nr 2 on the list of threats in Fidonet is snooping on routed netmail. TLS does not protect against that either. You need end to end encryption on the message level for that.

So what does TLS in Fidonet protect against? Someone snooping on the stream? I say there is no protection against a sufficiently motivated agency with "infinite" resources. Such as a government. And for the rest it does not matter. There is no financial gain to be expected by snooping on Fidonet. For 99% it is an exercise in futility anyway. 99% of the traffic in Fidonet is echomail.

Sorry, I see TLS in Fidonet as shooting at a mosquito with a cannon.

Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20170303
 * Origin: http://www.vlist.eu (2:280/5555)
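Added example, not part of Michiel's message and not binkd's own code: a reconstruction of the binkp session-password exchange he refers to ("Binkp does not exchange the passwords in clear text"), played out with both sides in one script, to show what the session password protects and what a sniffer actually sees. It follows my reading of the binkp 1.1 CRAM-MD5 option: the answering side sends an M_NUL "OPT CRAM-MD5-<hex challenge>" frame, the caller answers with M_ADR plus an M_PWD "CRAM-MD5-<hex HMAC-MD5(password, challenge)>" frame, and the answering side replies M_OK "secure"/"non-secure" or M_ERR. The command codes, the frame layout, the exact option syntax, the M_OK argument strings and the password table are all my assumptions; check them against the spec and your binkd version before relying on any of it.

```python
"""Added example (not from the post): binkp CRAM-MD5 session-password exchange."""
import hashlib
import hmac
import os

# binkp command frames, per my reading of the spec (assumption, not from the post):
# 2-byte big-endian header, high bit set for a command frame, low 15 bits give
# the payload length; the payload is one command byte followed by its argument.
M_NUL, M_ADR, M_PWD, M_OK, M_ERR = 0, 1, 2, 4, 7
CRAM_PREFIX = "CRAM-MD5-"

# Constructed password table for the answering system (the "secure inbound" side).
PASSWORDS = {
    "2:280/5555": "correct-horse",
    "2:280/5006": "battery-staple",
}


def frame(cmd, arg):
    """Encode one binkp command frame."""
    payload = bytes([cmd]) + arg.encode("ascii")
    assert len(payload) < 0x8000, "binkp frames carry at most 32767 bytes"
    return (0x8000 | len(payload)).to_bytes(2, "big") + payload


def parse(raw):
    """Split one command frame off the front of raw; return (cmd, arg, rest)."""
    hdr = int.from_bytes(raw[:2], "big")
    assert hdr & 0x8000, "expected a command frame"
    length = hdr & 0x7FFF
    payload = raw[2:2 + length]
    return payload[0], payload[1:].decode("ascii"), raw[2 + length:]


def cram_md5(password, challenge):
    """HMAC-MD5 keyed with the session password over the answering side's challenge."""
    return hmac.new(password.encode("ascii"), challenge, hashlib.md5).hexdigest()


def server_hello(rng=os.urandom):
    """Answering side: announce CRAM-MD5 with a fresh random challenge."""
    challenge = rng(16)
    return challenge, frame(M_NUL, "OPT " + CRAM_PREFIX + challenge.hex())


def client_auth(address, password, hello):
    """Calling side: prove knowledge of the password without ever sending it."""
    cmd, arg, _ = parse(hello)
    assert cmd == M_NUL and arg.startswith("OPT " + CRAM_PREFIX)
    challenge = bytes.fromhex(arg[len("OPT " + CRAM_PREFIX):])
    return frame(M_ADR, address) + frame(M_PWD, CRAM_PREFIX + cram_md5(password, challenge))


def server_verify(challenge, raw):
    """Answering side: decide which inbound the caller gets."""
    cmd, address, rest = parse(raw)
    assert cmd == M_ADR
    cmd, pwd, _ = parse(rest)
    assert cmd == M_PWD
    expected = PASSWORDS.get(address)
    if expected is None:
        # No password on file for this address: caller could be anyone,
        # so only the unprotected inbound.
        return "non-secure", frame(M_OK, "non-secure")
    if pwd.startswith(CRAM_PREFIX) and hmac.compare_digest(
        pwd[len(CRAM_PREFIX):], cram_md5(expected, challenge)
    ):
        return "secure", frame(M_OK, "secure")
    # Claimed a trusted address but could not prove the password: refused.
    # This is the check that a server-only TLS certificate does not give you.
    return "rejected", frame(M_ERR, "Bad password")


def run_session(address, password, rng=os.urandom):
    """Play both sides; return (outcome, every byte that crossed the wire)."""
    challenge, hello = server_hello(rng)
    auth = client_auth(address, password, hello)
    outcome, reply = server_verify(challenge, auth)
    return outcome, hello + auth + reply


if __name__ == "__main__":
    cases = [("2:280/5555", "correct-horse"),   # legitimate link
             ("2:280/5555", "guess"),           # masquerading as a trusted address
             ("2:999/1", "anything")]           # unknown address, no password on file
    for addr, pw in cases:
        outcome, wire = run_session(addr, pw)
        print(addr, outcome, "password visible on wire:", pw.encode() in wire)
```

Two things to take from running it: the masquerader who knows a trusted address but not its password is refused before anything lands in the secure inbound, and the sniffer on the stream gets only a challenge and a digest, never the password. The caveat is that a captured challenge/response pair does allow offline guessing of the password with plain HMAC-MD5, so the protection is only as good as the password's strength; that is a separate question from whether TLS on the transport adds anything, which is the point Michiel is making.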