Subj : Binkd and TLS
To   : Michiel van der Vlist
From : Alan Ianson
Date : Sun Dec 15 2019 02:15 am

Hello Michiel,

MV> That depends. But not using TLS is hardly "obscurity" isn't it?

We are an obscure group today but not because we use TLS or not.

MV> I am still puzzled. I appreciate that binkd over TLS may be an
MV> interesting challenge from the technical POV. As such I may give it a
MV> try myself one day if I figure out how to do it under Windows.

I am also going to try to do this and if I can accomplish that I am going to
keep on doing that with links that support it.

MV> I can understand why one would use https instead of http when dealing
MV> with sensitive information such as bank account numbers etc. But for
MV> Fidonet? What are you trying to hide/protect from whom?

I have nothing to hide. I would just prefer to be secure than unsecure.

MV> TLS does not hide the meta data such as what IP communicates with what
MV> other IP. Binkd already has encryption on the pkt content level.

I don't want or need to hide the fact I am on and using the internet. I would
like passwords to be hidden from anyone who might be snooping my traffic.

MV> Plus that 99% of Fidonet is echomail and encrypting echomail makes
MV> little or no sense. For routed netmail, using encryption on the
MV> transport level does not protect against snooping by sysops en route.

Mystic's implementation of all this includes netmail optionally. When Mystic
nodes use an encryption key between nodes, netmail between them is encrypted. If
it is stored, it is stored in an encrypted state.

I know this because I had a typo in my encryption key at one time and could not
read my own netmail.. :)

MV> So other than the pure sensation of a technical challenge, why?

It's not sensational. It is just security. Security must be important at some
level or there would not be a crypt option at all. I think TLS is just the way
it is done today. Someone told me there was a new big thing on the horizon, I
forget what it was called. We may need to move to something else one day, I
wouldn't even guess but I would be happy with TLS. I think that will do what we
need to do.. probably for some time to come.


Ttyl :-),
        Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)