REPLY: 2:280/5555 5df8a7b8   
   MSGID: 1:153/757 5df8b39b   
   CHRS: UTF-8 2   
   TZUTC: -0800   
   TID: hpt/lnx 1.9.0-cur 2019-12-05   
   Hello Michiel,   
      
    MV> Then what problem ARE we trying to fix?   
      
   We are not trying to fix problems. We are trying to be secure.   
      
    MV> Apples and oranges. Nobogus solved problems created by rouge CLIENTS.   
    MV> TLS does not protect against that. It only authorises the /server/,   
    MV> not the /client/.   
      
   TLS needs to be supported and used by both client and server.   
      
    AI>> TLS certainly offers better security. No question.   
      
    MV> So you say. But merely claiming it is "better" is just like claiming   
    MV> aluminium is "better" than copper.   
      
    MV> In what way is TLS "better"? A claim of "better" security has to be   
    MV> more specific than just that. Better than what? Better against what   
    MV> threats and by whom?   
      
   I can't answer why, I don't know all the reasons why. TLS is the standard   
   method used today to secure traffic on the internet, and I would like to be   
   secure.   
      
   We could also just stand still and see how it goes. I am just being proactive   
   WRT security.   
      
    AI>> It does require some setup. Synchronet's BinkIT mailer currently   
    AI>> has support for a binkps listener setup like this in Synchronet's   
    AI>> services.ini   
      
    MV> The world of Fidonet is bigger than Synchronet (Thank god). You make   
    MV> it sound like "Synchronet supports it, so it must be a good thing".   
    MV> Sorry, I am not of the "Synchronet is better" club.   
      
   True. I want us all to be secure regardless of our choice of software.   
      
    AI>> This was all done without changing binkp. We have simply put   
    AI>> binkp on a secure channel.   
      
    MV> But why? I still have no answer for that. Let me put it this way:   
      
    MV> If binkd over TLS is the solution, what is the problem?   
      
   There is no problem here that we are trying to solve. Binkd currently supports   
   an option called CRYPT, for the purposes of security. That was a good option   
   when it was implemented. Today TLS is used for the purposes of security.   
      
   I could be all wrong but I think TLS is a better option, that's all.   
      
      
   Maybe I said that wrong. How about this. Binkd's CRYPT option is weak (by   
   todays standards). Maybe we should think about using something more up to date,   
    like TLS.   
      
    Ttyl :-),   
            Al   
      
   --- GoldED+/LNX 1.1.5-b20180707   
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)   
   SEEN-BY: 1/123 57/0 90/1 103/705 153/250 154/10 203/0 220/70 221/0   
   SEEN-BY: 227/114 229/101 200 354 426 1014 240/5832 249/307 317 267/800   
   SEEN-BY: 280/464 5003 5555 292/854 310/31 317/3 342/200 396/45 423/120   
   SEEN-BY: 712/848 770/0 1 100 340 772/0 1 210 500 2452/250   
   PATH: 153/757 250 770/1 280/464 229/426