
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   BINKD      Support for the Internet BinKD mailer      8,958 messages   


   Message 6,470 of 8,958   
   Michiel van der Vlist to Tommi Koivula   
   Binkd and TLS   
   16 Dec 19 12:33:48   
   
   TID: FMail-W32 2.1.3.7-B20170919   
   TZUTC: 0100   
   CHRS: CP850 2   
   MSGID: 2:280/5555 5df76b9e   
   REPLY: 2:221/0.0 5df61dfc   
   Hello Tommi,   
      
   On Sunday December 15 2019 13:50, you wrote to me:   
      
    TK> On 15.12.2019 9:29, Michiel van der Vlist - Alan Ianson :   
      
    MvdV>> So other than the pure sensation of a technical challenge, why?   
      
    TK> Why not? :)   
      
   I can think of several reasons:   
      
   1) Don't fix it if it ain't broke. I am not convinced yet that binkd's   
   security is broke and needs fixing. I am not convinced that TLS offers better   
   protection against snooping than what binkd already has. Half of TLS is   
   providing authoritative identity to the server. I don't see any value for that   
   in Fidonet. TTBOMK there has been no case of someone successfully setting up a   
   rogue node and masquerading as someone else. If only because there is no   
   business model.   
      
   2) It violates the KISS principle. I see little or no added value in adding   
   TLS to Binkd. In the case of Binkd it just makes things more complicated and   
   prone to misconfiguration and other mishaps.   
      
   3) If it were integrated in Binkd it would be one thing, but I looked at   
   stunnel for Windows and it exists. But it does not look all that easy to   
   implement. There is lots of room for typos and other errors.   
      
   4) The stunnel method does not scale well. It has the same problem as running   
   an old IPv4 only application via a 6to4 proxy. Incoming is easy, outgoing   
   requires a dedicated setting for each destination. Does not scale well beyond   
   10 destinations or so.   
      
   5) A weakness of TLS is that it depends on a third party: the Certificate   
   Authority. I don't like to be dependent on a third party. Fidonet was designed   
   as a peer to peer network.   
      
   6) I suspect the main reason for the existence of certificates is that it is a   
   business model for those issuing the certificates.   
      
      
   Cheers, Michiel   
      
   --- GoldED+/W32-MSVC 1.1.5-b20170303   
    * Origin: http://www.vlist.eu (2:280/5555)   
   SEEN-BY: 1/123 90/1 103/705 154/10 203/0 221/0 6 227/114 229/101 200   
   SEEN-BY: 229/354 426 1014 240/5832 249/307 317 280/464 5003 5555 292/854   
   SEEN-BY: 310/31 342/200 396/45 423/120 712/848 770/1 2452/250 5019/40   
   SEEN-BY: 5020/1042 5053/58   
   PATH: 280/5555 464 229/426   
      



(c) 1994,  bbs@darkrealms.ca