Hello Michiel,
MV>>> That does not make it better for use in Fidonet. Fidonet is not
MV>>> the InterNet, it just makes use of it.
AI>> There are very few dial-up nodes today. The vast majority of
AI>> traffic today is carried over the internet. That is unavoidable
AI>> unless we go back to dial-up and I don't think that is going to
AI>> happen.
MV> Sure POTS is on the way out. Fidonet uses the Internet as the main
MV> means of transport. So?
My comment is simply a comment on your comment.
Binkd is and always has been a TCP/IP mailer. Fidonet is not the internet but
we are listening and talking over the internet.
AI>> The TLS option is a very secure one.
MV> There is no such thing as universal security. I have reason to trust
MV> the electronic key that protects my car against theft. It does not
MV> protect against a thief breaking into my house to steal the key. It
MV> also does not protect against a thief with a tow truck.
There are different approaches to security. You just need one that works for
you. I also have an onion address that I do/can use over the internet. It is
also very secure and fairly simple to implement. I don't like that solution and
I don't think others would either so I am looking for something simple and
secure that isn't hard for nodes to implement.
AI>>>> Maybe I said that wrong. How about this. Binkd's CRYPT option
AI>>>> is weak (by today's standards).
MV>>> In what way is it weak? Has it been cracked?
AI>> Yes, many years ago.
MV> In the context of Fidonet or in the context of PkZip?
That algorithm. The same is true of the algorithm used by rar. The folks behind
the rar archiver may have changed the algorithm they use today, I don't know.
AI>>>> Maybe we should think about using something more up to date,
AI>>>> like TLS.
MV>>> "More up to date" is not better by definition. With governments
MV>>> that keep pushing for backdoors in encryption, "something more up
MV>>> to date" may actually be a step back.
I still think the TLS option would serve us well.
AI>> TLS has been developed in the open so no backdoors there.
MV> 1) Open source is no absolute guarantee against backdoors or other
MV> weaknesses.
Open source is free and available to everyone, including the source.
I think TLS is a good option but it's not the only one. We could come up with a
new protocol that does what we want/need it to do. Someone would need to do and
maintain that. If someone did that I would support their efforts.
TLS was designed for this purpose. With TLS already on the table I don't think
anyone will do that.
MV> Sorry, I see TLS in Fidonet as shooting at a mosquito with a cannon.
Too much of a good thing?
I think TLS is a good way forward. It has already been implemented in BinkIT
and to some degree in Mystic. If binkd had support for it also these mailers
could communicate securely.
Ttyl :-),
Al
--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)