Hello Alexey,
AI>> STARTTLS is not a bad thing and would be better than nothing but
AI>> leaves room for a man in the middle attack.
AF> No it doesn't. MitM attack can only fool client into thinking that TLS
AF> is not supported. But you can require TLS on a client side and it will
AF> just disconnect, no harm done.
I believe it does. That's why STARTTLS has been deprecated. I don't think the
binkd developers are going to bring STARTTLS to the table but we need to hear
from them.
AF> That's a wrong direction. Before moving into some direction it is nice
AF> to weigh all opinions, especially ones from current binkd developers.
It is some direction. It is what I had hoped/imagined a binkps implementation
would be.
AI>> Synchronet's implementation is looking good to me. Direct TLS and
AI>> is working in my experience.
AF> Still it requires modification to configurations, nodelist changes and
AF> probably DNS changes as well. STARTTLS would eliminate all of that.
It requires a binkps listener to receive and "BinkpTLS=true" in the node
section of sbbsecho.ini for nodes you want to poll with binkps.
Amazingly simple.
AI>> The binkd developers are most welcome although I am not sure who
AI>> they are. Alexey perhaps but I am not sure. There is some
AI>> discussion of all this in the BINKD area that I have been
AI>> following and hoping to see the binkd developers there.
AF> In fact this doesn't look like a good place to discuss technical
AF> stuff, BINKD seems like a better one.
I have eyes on the area so we can move the discussion there if you like.
Ttyl :-),
Al
--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)