Subj : Re: binkd crypt
To   : NuSkooler
From : tenser
Date : Thu Jan 04 2024 03:51 am

On 02 Jan 2024 at 07:27p, NuSkooler pondered and said...
 
 Nu> tenser around Wednesday, January 3rd...
 Nu>  Te> Oh, I don't know: incremental progress towards security as a goal may
 Nu>  Te> slow, but is still progress, no?
 Nu> 
 Nu> I'd argue that it's just a false sense of security, which can be worse
 Nu> than none.

Perhaps.  It wouldn't protect against any number of other
attack vectors, but neither would a new protocol.  On the
other hand, if binkp regularly ran over TLS-protected
connections, it would be (largely) immune to passive sniffing.

Not that that matters much; I doubt the greater BBS community
is passing any traffic that _requires_ it.

 Nu> If we were to implement a *new* protocol that is always encrypted, that
 Nu> would be a better start -- only policy can prevent people from exposing
 Nu> the messages elsewhere though + old setups will inherently be left out.

A way around that would be a proxy at the edge of that system's
local network that handles encryption.  It's not completely
end-to-end, but does it need to be?

--- Mystic BBS v1.12 A48 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

.