Subj : RE: Secure binkp
To   : Al
From : NuSkooler
Date : Mon Nov 25 2019 07:49 pm

On Monday, November 25th Al was heard saying...

 Al> My understanding is that TLS 1.3 is secure and a good way to proceed.

I don't mean to butt in, but the TLS 1.3 protocol is certainly secure. Ensure you choose secure & modern suite(s). For example:

TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

AES has the benefit of using AES-NI instructions on modern CPUs. Without these instructions it can be up to 30x slower and much more CPU intensive. If you're running on very old hardware, some of this becomes almost a no-go as it's just too intensive.

TLS is for PKI, which might make sense for a network op who could perhaps be the Certificate Authority (CA), but I can see that quickly becoming an issue when someone loses their private key/etc. An end-to-end encryption system might be better if you're considering from scratch (but of course OpenSSL and such make TLS much easier to implement).

--
>> NuSkooler
>> Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh)
>> ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic

--- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1)
 * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121)
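
Added example, not part of the original message and not ENiGMA or binkp code: a Node.js sketch that pins a listener to TLS 1.3 with the three suites named above and moves ChaCha20-Poly1305 to the front when the CPU reports no AES instructions. The helper names and the cpuinfo samples are constructed; `minVersion`, `ciphers` and `honorCipherOrder` are options of Node's `tls` module.

```javascript
// Added example: helper names and sample inputs are constructed for illustration.
const POST_SUITES =
  'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256';
const ALLOWED = POST_SUITES.split(':');

// Constructed /proc/cpuinfo excerpts (Linux): one CPU with the "aes" flag, one without.
const SAMPLE_WITH_AES = 'processor\t: 0\nflags\t\t: fpu sse2 aes avx\n';
const SAMPLE_NO_AES = 'processor\t: 0\nflags\t\t: fpu mmx sse\n';

// True when a "flags" (x86) or "Features" (ARM) line lists the exact token "aes".
function hasAesHardware(cpuinfoText) {
  return cpuinfoText.split('\n').some((line) => {
    const m = /^(flags|Features)\s*:\s*(.*)$/.exec(line);
    return m !== null && m[2].split(/\s+/).includes('aes');
  });
}

// Reject any suite outside the allow-list (for example a TLS 1.2 name that
// slipped into the config), then order the list for the hardware.
function orderSuites(suiteString, aesHardware) {
  const suites = suiteString.split(':').filter((s) => s.length > 0);
  if (suites.length === 0) throw new Error('empty suite list');
  for (const s of suites) {
    if (!ALLOWED.includes(s)) throw new Error(`not an allowed TLS 1.3 suite: ${s}`);
  }
  if (aesHardware) return suites;
  // No AES instructions: prefer ChaCha20-Poly1305, which needs no AES hardware.
  const chacha = suites.filter((s) => s.includes('CHACHA20'));
  const rest = suites.filter((s) => !s.includes('CHACHA20'));
  return [...chacha, ...rest];
}

// Options object to pass to tls.createServer() or tls.connect().
function buildTlsOptions(suiteString, cpuinfoText) {
  const suites = orderSuites(suiteString, hasAesHardware(cpuinfoText));
  return { minVersion: 'TLSv1.3', ciphers: suites.join(':'), honorCipherOrder: true };
}

console.log(buildTlsOptions(POST_SUITES, SAMPLE_WITH_AES).ciphers);
console.log(buildTlsOptions(POST_SUITES, SAMPLE_NO_AES).ciphers);
```

On a real Linux host, pass the contents of /proc/cpuinfo in place of the constructed samples.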