Subj : FTSC
To   : Oli
From : Alan Ianson
Date : Fri Nov 22 2019 01:16 pm

Hello Oli,

AI>> They do, and both mailers work very well with that encryption. Do
AI>> mailers that support CRYPT need to negotiate a session and
AI>> exchange passwords before the session can be encrypted?

Ol> Yes, you need a shared session password. It's also not a completely
Ol> encrypted transmission.

This was a good start at the time it was implemeneted.

AI>> Mystic has the ability to encrypt binkp sessions also (it uses
AI>> cryptlib) although it hasn't fully matured and needs work.

Ol> AFAIK it uses opportunistic TLS (like STARTTLS). The Internet is
Ol> moving away from opportunistic encryption (RFC 8314, "Cleartext
Ol> Considered Obsolete"). Mystics implementation is already a lame duck.

Ol> https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigat
Ol> ions

Yes, James said that he used this method as a start because we still need to
use the current method when encryption is not supported at both sides of the
link. The idea (when it's possible) is to move away from opportunitic TLS.

AI>> Would binkp over TLS (or really, any secure method) be a good
AI>> thing?

Ol> Why wouldn't it? :)

I can't think of a reason. If we could get something to test we could discover
what works, what doesn't, and in time a standard method of doing this could be
established.

Then the FTSC could publish a standard. :)

Ttyl :-),
        Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.