Subj : FTSC
To   : Alan Ianson
From : Oli
Date : Fri Nov 22 2019 09:42 pm

ml>> binkd and others already have completely encrypted session
ml>> capabilities... even binkit has it ;)

AI> They do, and both mailers work very well with that encryption. Do
AI> mailers that support CRYPT need to negotiate a session and exchange
AI> passwords before the session can be encrypted?

Yes, you need a shared session password. It's also not a completely encrypted
transmission.

AI> Mystic has the ability to encrypt binkp sessions also (it uses
AI> cryptlib) although it hasn't fully matured and needs work.

AFAIK it uses opportunistic TLS (like STARTTLS). The Internet is moving away
from opportunistic encryption (RFC 8314, "Cleartext Considered Obsolete").
Mystics implementation is already a lame duck.

https://en.wikipedia.org/wiki/Opportunistic_TLS#Weaknesses_and_mitigations

AI> I was thinking about this and the posibility of a standard so
AI> different mailers could use secure binkp. Alexey said something about
AI> secure binkp that made me curious.

AI> Would binkp over TLS (or really, any secure method) be a good thing?

Why wouldn't it? :)

--- GoldED+/LNX 1.1.5-b20180707
* Origin: kakistocracy (2:280/464.47)