Hello Oli,
AI>> Yes, James said that he used this method as a start because we
AI>> still need to use the current method when encryption is not
AI>> supported at both sides of the link. The idea (when it's
AI>> possible) is to move away from opportunistic TLS.
Ol> It sounds like a good idea, but it's not (IMHO). We don't have to
Ol> repeat the mistakes that others did 20 years ago. There will always be
Ol> many mailers that don't support TLS, which means it never would be
Ol> possible to move away from opportunistic encryption (by that logic).
Ol> We can just use another default port for binkps. A _binkps._tcp srv
Ol> record can point to the TLS port and a nodelist flag with optional
Ol> hostname and port parameters can indicate TLS capability.
Yep, agreed. http uses port 80 and https uses port 443. We'll probably want to
do that for the same reasons http and https do that.
AI>>>> Would binkp over TLS (or really, any secure method) be a good
AI>>>> thing?
Ol>>> Why wouldn't it? :)
AI>> I can't think of a reason. If we could get something to test we
AI>> could discover what works, what doesn't, and in time a standard
AI>> method of doing this could be established.
Ol> We could test direct TLS with binkp today :)
We should go ahead and do that if that's the case.
I have questions though and I think we should move this chatter elsewhere.
I could suggest the NET_DEV area, sound OK?
Ttyl :-),
Al
--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)