Hello Richard,

On Tuesday December 17 2019 12:36, you wrote to me:

 MV>> Apples and oranges. Nobogus solved problems created by rouge
 MV>> CLIENTS. TLS does not protect against that. It only authorises
 MV>> the /server/, not the /client/.

 RM> Nope.
 RM> You can authenticate the client as well.

Yes, I know, it can be done. But TLS was designed around a client/server model
and authentication of the client is not standard.

 RM> But naturally then every client needs a signed certificate, and the
 RM> server needs to verify that client certificate.

Indeed. And what is the added value of that? Session and packet passwords have
ended anonymus mailbombs and other bad stuff. Binkp's CRYPT protects against
unauthorised listeners on the channel. I am not aware of binkp's security being
compromised.

Plus that I still wonder what we are protecting against whom. Do we really need
10 cm armour and triple locks to protect Fidonet content?


Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20170303