Subj : RE: Secure binkp
To : Oli
From : NuSkooler
Date : Tue Nov 26 2019 07:15 pm
Oli around Tuesday, November 26th...
Ol> Is it possible to choose insecure ciphersuites with TLS 1.3?
I don't know of any that are currently considered insecure, no.
Twas Tuesday, November 26th when Oli said...
Ol> But how important is the support for _very_ old hardware? Is anyone still
Ol> developing Fidonet software for these computers, especially a binkp
Ol> mailer? Does binkp still compile for Amiga 68k? Is it possible to use any
Ol> secure encryption (by today's standards) on these machines?
I know a lot of people are running FTN on older hardware. I have no idea if any
of them are running bink. ...but presumably, they need to talk to newer
hardware that is, and if it's encrypted... It's a tough situation I guess.
Even with older hardware that doesn't support AES-NI, the kind of traffic we're
talking for the BBS world is probably a non-issue as long as said hardware can
even do *any* semi-modern crypto.
Oli around Tuesday, November 26th...
Ol> There are two options: 1) You just run your old software with no or weak
Ol> encryption as all the other nodes do today. 2) You do the encryption on
Ol> another device.
With something more standard like TLS this becomes easier since you can do TLS
termination via HAProxy or similar, so I guess that's the workaround for older
setups.
On Tuesday, November 26th Oli was heard saying...
Ol> I would like to avoid this. This would open another can of worms.
Build in support for Let's Encrypt :)
Twas Tuesday, November 26th when Oli said...
Ol> What do you mean with e2e encryption in this context? e2e on the network
Ol> level or on the message level?
Application level protocol, same layer as TLS lives. Was mostly tossing that
out there, I don't know that it's a good idea in any way due to the various
limitations that need to be overcome (e.g. the offloading for older setups,
writing the stuff in various languages, so on.)