Subj : -64 and -46 option missing in 101
To   : Alan Ianson
From : Alexey Fayans
Date : Thu May 07 2020 01:33 am

Hello Alan!

On Wed, 06 May 2020 at 13:34 -0700, you wrote to me:

 AI>>> I say it is secure because it is! Arguing that it isn't is just
 AI>>> plain silly.
 AF>> No it is not. Thinking that obfuscation equals security is silly.
 AI> What obfuscation and/or lack of security do you speak of?

I think I already explained it. If you cannot verify certificate that was used for encryption, there is no security in this encryption, only obfuscation (it's harder to read/modify communication but still possible via MitM attach which will go unnoticed).

 AI>>> We could use some kind of in house certificates in fidonet. We
 AI>>> would have to build and maintain all that.
 AF>> There are many options. For example, have centralized certificate
 AF>> issuer or have pubkeys in nodelist or DNS. The only problem is
 AF>> that there is no standard to implement.
 AI> If you want that info in the nodelist then the nodelist standard comes
 AI> into play. If the nodelist had that info we could look there but that
 AI> is not the case.

I didn't say I wanted it there. It was just an option, one of many.

 AI> If my current certificate is not good enough then what would be and
 AI> why?

You are using certificate issued by a trusted CA that matches your domain specified in nodelist, which is fine. If there would be a standard for binkps requiring INA to be present and contain a valid domain name, then mailers could verify certificates based on domain names and trusted CA, as web browsers do. But without a standard there is no security. If there will be an IP address in the INA field, how can you verify certificate validity?


.... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net
--- GoldED+/W32-MSVC 1.1.5-b20180707
 * Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)

.