Subj : Secure binkp
To   : NuSkooler
From : Oli
Date : Tue Nov 26 2019 01:31 pm

On Mon, 25 Nov 2019 19:49:35 -0700 "NuSkooler -> Al" <0@121.1.21> wrote:

N> On Monday, November 25th Al was heard saying...

Al>> My understanding is that TLS 1.3 is secure and a good way to
Al>> proceed.

N> I don't mean to butt in, but the TLS 1.3 protocol is certainly
N> secure. Ensure you choose secure & modern suite(s). For example:
N> TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

Is it possible to choose insecure ciphersuites with TLS 1.3?

N> AES has the benefit of using AES-NI instructions on modern CPUs.
N> Without these instructions it can be up to 30x slower and much more CPU
N> intensive. If you're running on very old hardware, some of this
N> becomes almost a no-go as it's just too intensive.

ChaCha20-Poly1305 is faster if there is no support for AES in the CPU.

But how important is the support for _very_ old hardware? Is anyone still developing Fidonet software for these computers, especially a binkp mailer? Does binkp still compile for Amiga 68k? Is it possible to use any secure encryption (by today's standards) on these machines?

There are two options:

1) You just run your old software with no or weak encryption, as all the other nodes do today.
2) You do the encryption on another device.

Tor, i2p or other overlay networks would work for 2). It's also possible to write some kind of TLS proxy for outgoing connections.

And maybe 3) use a secure encryption algorithm that works on very slow computers. Not sure if something like this exists.

N> TLS is for PKI, which might make sense for a network op who could
N> perhaps be the Certificate Authority (CA), but I can see that
N> quickly becoming an issue when someone loses their private key/etc.

I would like to avoid this. This would open another can of worms.

N> An end-to-end encryption system might be better if you're considering
N> from scratch (but of course OpenSSL and such make TLS much easier to
N> implement).

What do you mean by e2e encryption in this context? e2e on the network level or on the message level?

---
 * Origin: (21:1/151)
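As an added example, not part of this thread or of any binkp mailer: a Go program that pins a connection to TLS 1.3 and reports which suite the two sides negotiated. Go's crypto/tls does not let the application choose TLS 1.3 suites at all (the CipherSuites field only applies to TLS 1.2 and earlier), so pinning MinVersion to 1.3 already limits the connection to the three AEAD suites NuSkooler listed; the self-signed certificate, the "binkp-test" name and the in-memory net.Pipe are constructed for the demo.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// NegotiatedSuite runs a TLS 1.3-only handshake between an in-process client and
// server over net.Pipe and returns the cipher suite both sides agreed on.
// MinVersion pins TLS 1.3; Go ignores the CipherSuites field for 1.3, so only
// the AEAD suites (AES-GCM or ChaCha20-Poly1305) can be negotiated.
func NegotiatedSuite() (string, error) {
	// Throwaway self-signed ECDSA certificate so the demo needs no CA
	// (a real node would load its own key material here).
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "binkp-test"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	srv := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13,
		SessionTicketsDisabled: true} // no post-handshake ticket write into the unbuffered pipe
	// Demo only: the client accepts the self-signed cert without verification.
	cli := &tls.Config{InsecureSkipVerify: true, MinVersion: tls.VersionTLS13}
	c, s := net.Pipe()
	done := make(chan error, 1)
	go func() { done <- tls.Server(s, srv).Handshake() }()
	conn := tls.Client(c, cli)
	if err := conn.Handshake(); err != nil {
		return "", err
	}
	if err := <-done; err != nil {
		return "", err
	}
	return tls.CipherSuiteName(conn.ConnectionState().CipherSuite), nil
}
```

Which of the three suites comes out depends on the machine: Go prefers AES-GCM when the CPU has AES instructions and ChaCha20-Poly1305 otherwise, which is the AES-NI trade-off discussed above.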