... darkrealms ...

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

BINKD

Support for the Internet BinKD mailer

8,958 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 6,457 of 8,958

Wilfred van Velzen to Oli

Re: BINKP over TLS

14 Dec 19 15:51:17

   TID: FMail-lnx64 2.1.0.18-B20170815   
   RFC-X-No-Archive: Yes   
   TZUTC: 0100   
   CHRS: UTF-8 2   
   PID: GED+LNX 1.1.5-b20161221   
   MSGID: 2:280/464 5df4f6e7   
   REPLY: 2:280/464.47 5df48f6e   
   * Originally in FIDONEWS   
   * Crossposted in BINKD   
      
   Hi Oli,   
      
   On 2019-12-14 08:29:58, you wrote to Rob Swindell:   
      
    RS>> Cool. Next steps are probably to define (or get IANA to assign) an   
    RS>> "official" binkps TCP port number. And then maybe a nodelist flag   
    RS>> should be defined so nodes supporting binkps (instead-of or   
    RS>> in-addition-to binkp) can be automatically identified.   
      
    Ol> There is much more to do for the standardization. An IANA number is the   
    Ol> least important.   
      
   But we should agree in fidonet on the default/preferred port to use! So it   
   doesn't have to be specified in the nodelist if you use the default.   
   (24553 is unassigned by IANA)   
      
    Ol> Do we really need an official port number? Or is it better to rely on   
    Ol> other ways as many nodes use a non-standard port number anyway:   
    Ol> - SRV records (_binkps._tcp should be mandatory)   
      
   Not everyone's dns "interface" is able to set this I think.   
      
    Ol> - Nodelist flag (INBS?)   
      
   You mean IBNS: ? Most flags seem to be a 3 letter combination, so maybe use:   
   IBS: ?   
      
    Ol> - should we allow self-signed certificates? (yes)   
      
   With the existence of letsencrypt it's not really necessary. But I think it's   
   up to the individuals. As 'client' you should decide for yourself if you   
   really want to connect to a server with a selfsigned certificate.   
      
    Ol> - which TLS version are allowed? (>= TLS v1.3)   
      
   I think we should follow common practice on the "wider" internet...   
      
    Ol> - should the client use alpn?   
      
   If necessary. ;)   
      
   But I have access to a lot of linux machines, older and newer. But none of the   
   openssl and ncat versions I checked seem to support it...?   
      
   Bye, Wilfred.   
      
   --- FMail-lnx64 2.1.0.18-B20170815   
    * Origin: FMail development HQ (2:280/464)   
   SEEN-BY: 1/123 90/1 103/705 154/10 203/0 221/0 227/114 229/101 200   
   SEEN-BY: 229/354 426 1014 240/5832 249/307 317 280/464 5003 5555 292/854   
   SEEN-BY: 310/31 342/200 396/45 423/120 712/848 770/1 2452/250   
   PATH: 280/464 229/426

[ << oldest | < older | list | newer > | newest >> ]