Hello Alexey,

 AI>> STARTTLS is not a bad thing and would be better than nothing but
 AI>> leaves room for a man in the middle attack.

 AF> No it doesn't. MitM attack can only fool client into thinking that TLS
 AF> is not supported. But you can require TLS on a client side and it will
 AF> just disconnect, no harm done.

I believe it does. That's why STARTTLS has been depricated. I don't think the
binkd developers are going to bring STARTTLS to the table but we need to hear
from them.

 AF> That's a wrong direction. Before moving into some direction it is nice
 AF> to weight all opinions, especially ones from current binkd developers.

It is some direction. It is what I had hoped/imagined a binkps implementation
would be.

 AI>> Synchronet's implementation is looking good to me. Direct TLS and
 AI>> is working in my experience.

 AF> Still it requires modification to configurations, nodelist changes and
 AF> probably DNS changes as well. STARTTLS would eliminate all of that.

It requires a binkps listener to receive and "BinkpTLS=true" in the node
section of sbbsecho.ini for nodes you want to poll with binkps.

Amazingly simple.

 AI>> The binkd developers are most welcome although I am not sure who
 AI>> they are. Alexey perhaps but I am not sure. There is some
 AI>> discussion of all this in the BINKD area that I have been
 AI>> following and hoping to see the binkd developers there.

 AF> In fact this doesn't look like a good place to discuss technical
 AF> stuff, BINKD seems like a better one.

I have eyes on the area so we can move the discussion there if you like.

 Ttyl :-),
         Al

--- GoldED+/LNX 1.1.5-b20180707