Hello Michiel,

 AI>> We are not trying to fix problems. We are trying to be secure.

 MV> "Secure" is meaningless without specifying against WHAT. What threats
 MV> are we securing against?

Any and all.

 MV>>> In what way is TLS "better"? A claim of "better" security has to
 MV>>> be more specific than just that. Better than what? Better
 MV>>> against what threats and by whom?

I wish I could answer that question. I am no expert on protocols or security.

I believe that TLS is an open standard, largely accepted as a secure mechanism
for internet transport today.

I know that you want the facts (and that's a good thing) but I can't give you
more than I already have.

 MV> That does not make it better for use in Fidonet. Fidonet is not the
 MV> InterNet, it just makes use of it.

There are very few dial-up nodes today. The vast majority of traffic today is
carried over the internet. That is unavoidable unless we go back to dial-up and
I don't think that is going to happen.

 AI>> and I would like to be secure.

 MV> You keep saying that,

Yes, it is nothing more than that.

 MV> In order to move forward, one first has to know which direction
 MV> matches "forward".

The TLS option is a very secure one.

 AI>> Maybe I said that wrong. How about this. Binkd's CRYPT option is
 AI>> weak (by todays standards).

 MV> In what way is it weak? Has it been cracked?

Yes, many years ago.

 AI>> Maybe we should think about using something more up to date, like
 AI>> TLS.

 MV> "More up to date" is not better by definition. With governments that
 MV> keep pushing for backdoors in encryption, "someting more up to date"
 MV> may actually be a step back.

TLS has been developed in the open so no backdoors there.

I would be happy to answer any questions you have, if I could. I'm sure there
are matter of fact answers to all your questions, but I don't know what they
are.

 Ttyl :-),
         Al

--- GoldED+/LNX 1.1.5-b20180707