echo: binkd
to: OLI
from: ALEXEY FAYANS
date: 2019-12-20 00:53:00
subject: BINKP over TLS

Hello Oli!

On Thu, 19 Dec 2019 at 07:38 +0100, you wrote to me:

 AF>> 1. STARTTLS is the best option because:
 Ol> How do you encrypt the metadata that is sent on connection? Can
 Ol> STARTTLS be negotiated before node infos are sent?

I think I already answered this question. One option is to wait for a STARTTLS
command from the client for a few seconds on an incoming connection before sending
metadata. That will introduce a few seconds of connection delay with older
clients, though. There might be a better solution, I just don't know the binkp
protocol well enough.

 Ol> Will this add another roundtrip?
 Ol> Direct TLS will give us a quick path to QUIC, which would reduce
 Ol> connection times instead of making the protocol slower.

Things like that matter in real-time applications, e.g. Ajax web pages that
make thousands of small requests to a server. Not really our case.

 AF>> 2. For any kind of TLS something must be decided on certificate
 AF>> authority.
 Ol> Or don't use a CA. There is DANE, TOFU and we still have the encrypted
 Ol> session password for authentication ...

Without a CA the whole thing is just pointless and subject to a simple MitM attack.
So why even talk about security?

DANE and TOFU are ways to tell that the system supports TLS, not a way to
verify its certificate.


... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net
--- GoldED+/W32-MSVC 1.1.5-b20180707
* Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)
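The "wait briefly for STARTTLS before sending metadata" idea from the post above, as an added Python sketch that is not from this thread or from binkd. The STARTTLS token, the timeout value and the function names are assumptions; binkp itself defines no such command.

```python
import select
import socket
import ssl
import time

STARTTLS_CMD = b"STARTTLS\r\n"  # hypothetical opt-in token; binkp defines no such command


def wait_for_starttls(sock, timeout=3.0):
    """Hold back the node info for up to `timeout` seconds and return whatever
    line the peer sent first (b"" if it stayed silent, as an older client would)."""
    deadline = time.monotonic() + timeout
    buf = b""
    while not buf.endswith(b"\r\n"):
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        readable, _, _ = select.select([sock], [], [], remaining)
        if not readable:
            break  # the compatibility delay the post mentions: legacy peers pay it
        chunk = sock.recv(64)
        if not chunk:
            break  # peer closed the connection
        buf += chunk
    return buf


def accept_session(sock, server_ctx, timeout=3.0):
    """Server side: upgrade if the peer asked for it, otherwise stay plain and
    hand any bytes already received back to the plain-protocol handler."""
    first = wait_for_starttls(sock, timeout)
    if first == STARTTLS_CMD:
        return server_ctx.wrap_socket(sock, server_side=True), True, b""
    return sock, False, first


def client_starttls(sock, server_hostname, cafile=None):
    """Client side: request the upgrade and verify the server against a CA.
    With check_hostname and CERT_REQUIRED (the defaults of this context) an
    unknown certificate fails the handshake; with CERT_NONE any interposed
    peer would be accepted, which is the MitM problem the post describes."""
    sock.sendall(STARTTLS_CMD)
    ctx = ssl.create_default_context(cafile=cafile)  # system trust store if cafile is None
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx.wrap_socket(sock, server_hostname=server_hostname)
```

The server-side `timeout` is exactly the cost the post mentions: a client that never sends the token makes the server sit idle for that long before the plain session starts.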

SOURCE: echomail via QWK@docsplace.org
