TIP: Click on subject to list as thread! ANSI
echo: binkd
to: ROB SWINDELL
from: MICHIEL VAN DER VLIST
date: 2020-05-05 10:32:00
subject: Security
Hello Rob,

On Sunday May 03 2020 13:13, you wrote to me:

 >> AI> Binkp over TLS is secure and provides privacy in a new and robust
 >> AI> way.

 >> Security against what threats and privacy against which snooping
 >> eyes?

 RS> If the threats/snooping-eyes announced their presence and intentions,
 RS> they wouldn't be very effective, now would they?

If you do not know who or what you are defending against, how do you know the
defence is working at all?

 >> The biggest potential invasion of privacy in Fidonet are sysops
 >> snooping om in transit mail. TLS does not protect against that.

 RS> The second sentence is true.

We have had PGP to end to end encrypt mail for 25 years. We hardly used it
because most sysops would not route encrypted mail.

 >> The best strategy against snooping governments is to not be of
 >> interest.

 RS> False. You're *already* being snooped on by governments and you're not
 RS> interesting at all. You seem to be a very trusting person.

Things are not always what they seem. You conclusion is false.

 >> I doubt TLS is safe against the resources of governments.

 RS> It seems to be effective enough for data in-flight that they
 RS> (resources of governments) usually go after the persistent data on
 RS> either end of the transport instead.

So it is not effective against governments.

 >>  AI> It's a natural movement forward.
 >>
 >> Binkd already has build in encryption.

 RS> ... which is terrible.

So is the lock on my bathroom. It nevertheless serves a purpose.

 >> I do not think the added value of TL is worth the effort and
 >> overhead.

 RS> It was very little effort and unnoticeable overhead.

 >> Not for Fidonet...

 RS> For Fidonet proper, possibly true (though that depends on the content
 RS> of your netmail messages). For FTN, likely false.

I only use FTN for Fidonet.

 >> I don't know. If I'd have to go through the hassle of getting a
 >> certificate and pay for it and renew it every tweo years, probably
 >> not.

 RS> Free certs are available.

If it sounds to good to be true, it usually isn't.

 >> And I do not trust LetsEncrypt.

 RS> Now you don't sound like a very trusting person. That was a quick turn
 RS> around.

No turn around, I have a very suspicious mind. A;ways had.


Cheers, Michiel

--- GoldED+/W32-MSVC 1.1.5-b20170303
* Origin: http://www.vlist.eu (2:280/5555)
SOURCE: echomail via QWK@docsplace.org

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.