Subj : RE: Secure binkp
To   : Al
From : Alterego
Date : Mon Nov 25 2019 11:26 am

  Re: RE: Secure binkp
  By: Al to Oli on Sun Nov 24 2019 02:25 pm

 Al> Sounds like Alexey is thinking on a new protocol. Maybe we'll end up with
 Al> a binkd mailer that supports binkp as it is and another protocol for
 Al> secure binkp, possibly binkps.

This makes sense to me - it should be binkps. It probably would need a new
nodelist flag and parseing, since IBN is for binkp. 

 Al> He made it sound like TLS was not a solution, and insecure?

From what I understand (and I havent thought this through, nor am I an expert
in this area) - but if you connect on a non secure channel and the server says
"lets go encrypted" and the client says "not today", then you are no more
secure.

Further, if the client does say "going secure: code is ABC", that code is sent
in the clear, so anybody can see the code on the wire and use the code. I think
 that's the crux of it?

Thinking it through further the "Code is ABC" needs to be linked to something
external (time?) so that it's not always "ABC" - but the server recalculates
the code that the client sends and comes to the same answer. Maybe TLS cannot
do it this way...

Now I'm rambling... :(
....лоег

.... It would be illogical to assume that all conditions remain stable.
--- SBBSecho 3.10-Linux
 * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)

.