Subj : Secure binkp
To   : Al
From : Oli
Date : Tue Nov 26 2019 12:53 am

On Mon, 25 Nov 2019 14:13:52 -0800
"Al -> Oli" <0@106.4.21> wrote:

 A> My understanding is that TLS 1.3 is secure and a good way to proceed.

 Ol>> Maybe someone will implement a good alternative to TLS for
 Ol>> binkp or a completely new protocol, but I haven't seen any
 Ol>> announcement. Until then TLS (1.3) could provide strong
 Ol>> encryption and is easy to add (the other alternative  is
 Ol>> encryption at the transport layer, like VPN, Tor, i2p,
 Ol>> IPsec, ...)

 A> I don't know much about these alternate transport methods. My only
 A> presence on the web is my BBSs web site.

 A> I have heard IPsec but don't know what that is. Something to do with
 A> IPv6? If connected via IPv6 do I have IPsec enabled or do I need to
 A> take extra steps for that, and does it negate the need for other
 A> security like TLS?

I just included some buzzwords and you picked the one I know the least about
:). IPsec is way to complicated for normal human beans like us to understand.
IPsec is encrypting on the IP level (network layer). If the traffic on the
network itself is already encrypted, applications don't have to do the
encryption. I think that was the basic idea. Maybe we should just ignore that I
 mentioned IPsec, but if your really want to know more, here are some infos:
https://www.freeswan.org/freeswan_snaps/CURRENT-SNAP/doc/ipsec.html
https://www.comparitech.com/blog/information-security/ipsec-encryption/

What I forgot to mention is that QUIC will be the next big thing / encrypted
protocol (HTTP/3 is based on it).

Can someone read this and explain it to us in a few words? ;)
https://datatracker.ietf.org/doc/draft-ietf-taps-transport-security/

---
 * Origin:  (21:1/151)

.