Hello Alan!
On Fri, 20 Dec 2019 at 14:31 -0800, you wrote to me:
AF>> Let's start talking about "very secure" when there will be a
AF>> mechanism to verify/trust peers' certificates. Right now it's as
AF>> secure as plain text.
AI> Is implicit TLS anything less than very secure?
AI> How is it "as secure as plain text" ?
It is not secure at all when the client cannot verify the server's certificate
authenticity. Anyone in the middle can issue their own self-signed certificate and
the client will be happy to accept it.
AF>> Yeah, the problem is that it won't magically start doing that.
AI> I'm not suggesting magic. For now, nodes who want binkd to listen for
AI> TLS will need to run a second listener.
For now it's not even an FTS proposal, so we are not talking about now, we are
talking about what it can be if done properly.
AI>>> For a start there is the BinkIT mailer that supports TLS now.
AF>> Great. How many sysops are using it?
AI> I have one link using the binkit mailer. How many use it is unknown to
AI> me.
Not many. I don't have numbers, but I'd guess that binkd runs on like 90% of
all binkp nodes. The remaining 10% is shared between multi-protocol mailers and some
exotic software like BinkIT (I never even heard of it before you named it).
AF>> Have you seen binkd configuration? Currently it is not possible
AF>> to define a node supporting two protocols specifying ports. And
AF>> hardcoding TLS port is not an option obviously.
AI> Ultimately I would like binkd to listen on port 24553 for incoming
AI> polls over TLS, and I need a way to configure binkd to poll supporting
AI> nodes over TLS where it is supported.
AI> That was an easy sentence to write but may not be so easy to
AI> implement.
You cannot force everyone to use a single port. At some places that just cannot
be done, i.e. when several nodes are sharing a single IP address.
... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net
--- GoldED+/W32-MSVC 1.1.5-b20180707
* Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)
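
Added example, not part of the original message and not binkd or BinkIT code: one way a mailer could verify a self-signed peer certificate is to pin its SHA-256 fingerprint per node and fail closed when no pin is on file. The node address, the pin table and all function names are hypothetical, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def peer_is_trusted(node: str, der_cert: bytes, pins: dict) -> bool:
    """True only if the presented certificate matches the pin stored for node."""
    expected = pins.get(node)
    if expected is None or not der_cert:
        return False  # no pin on file: fail closed instead of trusting blindly
    return hmac.compare_digest(fingerprint(der_cert), expected.lower())

def pinning_context() -> ssl.SSLContext:
    """Client context for self-signed peers; the pin is checked after the handshake."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # acceptable ONLY because connect_pinned() checks the pin
    return ctx

def connect_pinned(node: str, host: str, port: int, pins: dict) -> ssl.SSLSocket:
    """Open a TLS session and drop it unless the server certificate matches the pin."""
    raw = socket.create_connection((host, port), timeout=10)
    tls = pinning_context().wrap_socket(raw, server_hostname=host)
    # A client socket always receives the server certificate, even with CERT_NONE.
    if not peer_is_trusted(node, tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError(f"certificate for {node} does not match the pinned fingerprint")
    return tls

# Constructed sample data: byte strings standing in for DER certificates.
GENUINE_CERT = b"constructed-der-bytes-of-the-real-node"
IMPOSTOR_CERT = b"constructed-der-bytes-of-a-self-signed-impostor"
PINS = {"2:9999/1": fingerprint(GENUINE_CERT)}  # hypothetical node address

def demo() -> dict:
    """Compare the pinned check with a client that accepts whatever it is shown."""
    return {
        "genuine, pinned": peer_is_trusted("2:9999/1", GENUINE_CERT, PINS),
        "impostor, pinned": peer_is_trusted("2:9999/1", IMPOSTOR_CERT, PINS),
        "node without a pin": peer_is_trusted("2:9999/2", GENUINE_CERT, PINS),
        "impostor, no verification": True,  # the accept-anything behaviour criticised above
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The pins themselves have to reach the client over a channel the attacker does not control, which is the distribution mechanism the message says is missing.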