Hello Michiel,
AI>> We are not trying to fix problems. We are trying to be secure.
MV> "Secure" is meaningless without specifying against WHAT. What threats
MV> are we securing against?
Any and all.
MV>>> In what way is TLS "better"? A claim of "better" security has to
MV>>> be more specific than just that. Better than what? Better
MV>>> against what threats and by whom?
I wish I could answer that question. I am no expert on protocols or security.
I believe that TLS is an open standard, largely accepted as a secure mechanism
for internet transport today.
I know that you want the facts (and that's a good thing) but I can't give you
more than I already have.
MV> That does not make it better for use in Fidonet. Fidonet is not the
MV> InterNet, it just makes use of it.
There are very few dial-up nodes today. The vast majority of traffic today is
carried over the internet. That is unavoidable unless we go back to dial-up and
I don't think that is going to happen.
AI>> and I would like to be secure.
MV> You keep saying that,
Yes, it is nothing more than that.
MV> In order to move forward, one first has to know which direction
MV> matches "forward".
The TLS option is a very secure one.
AI>> Maybe I said that wrong. How about this. Binkd's CRYPT option is
AI>> weak (by todays standards).
MV> In what way is it weak? Has it been cracked?
Yes, many years ago.
AI>> Maybe we should think about using something more up to date, like
AI>> TLS.
MV> "More up to date" is not better by definition. With governments that
MV> keep pushing for backdoors in encryption, "someting more up to date"
MV> may actually be a step back.
TLS has been developed in the open so no backdoors there.
I would be happy to answer any questions you have, if I could. I'm sure there
are matter of fact answers to all your questions, but I don't know what they
are.
Ttyl :-),
Al
--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)
|