Subj : RE: Secure binkp
To   : Oli
From : Al
Date : Mon Nov 25 2019 02:13 pm

Ol> On the one hand we have TLS 1.3 developed openly over years by the
Ol> key players in the industry and experts from the crypto community.
Ol> On the other hand we have the statement from Alexey about something
Ol> something insecure without pointing to any specific vulnerability.

Yes, I found that statement to be questionable, although when he said
that I have to look at that too.

Ol> There is a lot to criticize about Google, Mozilla and Cloudflare,
Ol> but when it comes to encryption I think they are doing a pretty
Ol> good job. The Snowden leaks  were a wake-up call and many were
Ol> pissed and angry. Since then there is a clear determination to
Ol> encrypt everything as secure as possible. If new vulnerabilities
Ol> are discovered, they will be fixed ...

My understanding is that TLS 1.3 is secure and a good way to proceed.

Ol> Maybe someone will implement a good alternative to TLS for binkp or
Ol> a completely new protocol, but I haven't seen any announcement.
Ol> Until then TLS (1.3) could provide strong encryption and is easy to
Ol> add (the other alternative  is encryption at the transport layer,
Ol> like VPN, Tor, i2p, IPsec, ...)

I don't know much about these alternate transport methods. My only
presence on the web is my BBSs web site.

I have heard IPsec but don't know what that is. Something to do with
IPv6? If connected via IPv6 do I have IPsec enabled or do I need to take
extra steps for that, and does it negate the need for other security like
TLS?

Ttyl :-),
        Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.