Hello Alexey,
AF> Well, it's not a strong argument you know.
It's not my intention to argue at all.
AI>> Since then I have looked up the subject. There is a mountain of
AI>> information on the subject and I have not read it all, but I
AI>> don't see folks adopting STARTTLS today, only deprecating it.
AF> Any examples of real deprecations? Even if there are, I bet only
AF> implementations where client cannot verify if server supports TLS
AF> (like initial SMTP implementation) are being deprecated.
They are everywhere, easy to find. I won't attempt listing them.
AI>> BinkIT's mailer uses implicit TLS and is very secure and I would
AI>> like to be able to do this with binkd as well, since I use binkd
AI>> on my node 153/757.
AF> Let's start talking about "very secure" when there will be a mechanism
AF> to verify/trust peers' certificates. Right now it's as secure as plain
AF> text.
Is implicit TLS anything less than very secure?
How is it "as secure as plain text"?
AI>> If binkd could listen on a secure TLS port (24553) and poll nodes
AI>> listening on a secure port I'm sure it would be widely accepted
AI>> although I wouldn't guess a percentage.
AF> Yeah, the problem is that it won't magically start doing that.
I'm not suggesting magic. For now, nodes who want binkd to listen for TLS will
need to run a second listener.
AI>> For a start there is the BinkIT mailer that supports TLS now.
AF> Great. How many sysops are using it?
I have one link using the binkit mailer. How many use it is unknown to me.
AI>> There are other mailers in use also that likely won't be updated
AI>> (Argus/Irex) but I think the binkd mailer is the most used today
AI>> looking at my own logs. If binkd supported TLS most nodes could
AI>> use it if they choose to.
AF> Have you seen binkd configuration? Currently it is not possible to
AF> define a node supporting two protocols specifying ports. And
AF> hardcoding TLS port is not an option obviously.
Ultimately I would like binkd to listen on port 24553 for incoming polls over
TLS, and I need a way to configure binkd to poll supporting nodes over TLS
where it is supported.
That was an easy sentence to write but may not be so easy to implement.
The above sums up my thoughts on the matter. That can work now. I am still not
to a point where I would ask the binkd developers for anything. In fact, the
binkd developers may have other ideas around what a binkps protocol might look
like.
AF> And if we imagine that node syntax will be changed, binkd nodelist
AF> parser(s) will need to be updated as well in order to understand
AF> nodelist flag where binkps port is specified (similar to IBN).
When we have a binkps standard to work with we can do all that.
Ttyl :-),
Al
--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)