Subj : Re: Is binkp/d's security model kaputt?
To   : apam
From : tenser
Date : Tue Sep 21 2021 02:36 am

On 18 Sep 2021 at 04:57p, apam pondered and said...
 
 ap> Why is binkd even a thing? What's the history of it? I don't know.. Apart
 ap> from integrating with the binkley style outbound, why did they make a new
 ap> protocol to transfer these messages?

I did a small amount of research into this when I wrote Ginko.
What I gathered is that Fidonet was very much a thing in the
former Soviet Union, but by the mid 1990s, those countries
were starting to get access to the Internet.  They didn't want
to lose the communities or networks, so wanted to figure out
how to bridge the legacy technologies they were using onto the
Net.

But why invent a new protocol?  Probably a few reasons.  First,
I imagine that at the time most users were still using dialup
Internet services, so there was a desire to keep overhead low.
Binkp was initially fairly good at being full-duplex and avoiding
what they call, "synchronization points" (or some such) between
client and server: once password acknowledgement is done, you
enter effectively a streaming data transfer stage and that's
basically it.  At least, that's how it was at first.  The protocol
was updated over time as deficiencies in that model were found
to try and make it more robust.

Second, I don't think it was as obvious then as it is now that
the world wide web was going to be such a force.  Existing Internet
protocols to build on would have been NNTP, SMTP, FTP and HTTP.
Of those, NNTP would have been the most obvious, but it doesn't
fit super neatly into the Fidonet way of doing things, where
messages aren't (generally) transferred as "messages" per se, but
rather as compressed packets that potentially contain multiple
messages.  Since they presumably wanted to retain compatibility
with closed-source BBS packages, they'd either have to have some
kind of translation layer or do something different.  Similarly,
SMTP kind of falls down for similar reasons, plus, spam was
becoming a big deal and I imagine it was conflated with notions
of using SMTP.  FTP without passive mode had problems connecting
to end-user machines (since transfer is done over a separate TCP
connection specified by PORT commands, etc).  That leaves HTTP,
but it was a pretty immature protocol in 1996, when binkp's first
spec was proposed (HTTP/1.1, which is the first really reasonable
version, wasn't specified until 1999).

I suspect a third reason is lack of familiarity with the Internet
in general and the "fun" factor of building one's own protocol.
In the mid-1990s, lots of stuff got thrown at the wall.

Today, it's clear that building something on top of HTTP is the
correct design decision, but we see that with 30 years of the web
and 25 years of binkp.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

.