Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    BINKD    |    Support for the Internet BinKD mailer    |    8,958 messages    |
|    Message 6,483 of 8,958    |
|    Alexey Fayans to Alan Ianson    |
|    BINKP over TLS    |
|    17 Dec 19 15:14:17    |
MSGID: 2:5030/1997@fidonet 5df8ca80
REPLY: 1:153/757 5df8bb24
CHRS: CP866 2
TZUTC: 0300
TID: FastEcho 1.46.1 43272

Hello Alan!

On Tue, 17 Dec 2019 at 03:11 -0800, you wrote to me:

 AI> I'm not going anywhere until I believe, in something. I don't mind
 AI> having my beliefs proven to be worthless, in fact I appreciate it if
 AI> they are in fact worthless.

Well, like I suggested earlier, you can read about STARTTLS on Wikipedia,
where you will find confirmation of my words and more examples of weakness
mitigation, including DNS based (DANE) and MTA-STS (lHSTS for SMTP).

 AI>>> That's why STARTTLS has been deprecated.
 AF>> It's not deprecated globally. Deprecation is only _proposed_ for
 AF>> SMTP and other mail protocols and there are reasons for that, but
 AF>> that doesn't mean it is deprecated for everything else.
 AI> I have only ever used STARTTLS with smtp. If STARTTLS is proposed to
 AI> be deprecated for smtp I propose we deprecate it here too.

There is absolutely no point in deprecating it. There are pros and cons
everywhere. The weak point of STARTTLS is the STRIPTLS attack. In FIDONET we
have a nodelist to indicate support of TLS by a node, which mitigates this.

 AF>> With STARTTLS none of this is a problem. Additional configuration
 AF>> flag to require TLS connection is easy to implement, nodelist
 AF>> flag is optional and may be used to tell client to require TLS
 AF>> when connecting to supporting node, and additional DNS SRV
 AF>> records are not needed as well.
 AI> I don't think STARTTLS is going to fly. I really have no strong
 AI> feelings for or against STARTTLS, I just don't think that is what
 AI> anyone wants today.

I don't see any reasons why not. Any security method can be implemented in a
good or a bad way. If a method's weakness is taken into account when the
protocol is designed, there is no problem with it. STARTTLS failed for SMTP
because it was not implemented in a secure way.

... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net
--- GoldED+/W32-MSVC 1.1.5-b20180707
 * Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)
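
Added example, not part of the message above and not binkd code: a sketch of the client-side check the message describes, where an out-of-band nodelist flag or a local "require TLS" setting stops a session from falling back to plaintext when the in-band TLS offer is missing. The flag name "TLS", the option token "TLS" and both nodelist lines are assumptions made for illustration.

```python
# Added illustration. The "TLS" nodelist flag and the "TLS" option token are
# hypothetical names, not taken from any binkp or nodelist standard.
from enum import Enum

TLS_FLAG = "TLS"  # assumed nodelist flag advertising STARTTLS support
TLS_OPT = "TLS"   # assumed token in the remote's in-band option greeting


class Action(Enum):
    UPGRADE = "upgrade to TLS"
    PLAINTEXT = "continue in plaintext"
    ABORT = "abort session"


def nodelist_flags(entry):
    """Return the set of flags in a comma-separated nodelist entry.

    Fields 0-6 are keyword, node number, name, location, sysop, phone and
    baud rate; everything after them is a flag. Flags that carry a value
    ("INA:host") are reduced to the part before the colon.
    """
    fields = entry.strip().split(",")
    return {f.split(":", 1)[0].upper() for f in fields[7:] if f}


def decide(entry, remote_opts, require_tls=False):
    """Choose an action once the remote's option greeting has been read.

    entry       -- nodelist line of the node being called (out-of-band)
    remote_opts -- space-separated options the remote sent in-band
    require_tls -- local per-link configuration flag
    """
    offered = TLS_OPT in remote_opts.upper().split()
    expected = require_tls or TLS_FLAG in nodelist_flags(entry)
    if offered:
        return Action.UPGRADE
    # No offer arrived. If the nodelist or local config says the node does
    # TLS, the offer may have been stripped in transit: never fall back.
    return Action.ABORT if expected else Action.PLAINTEXT


# Constructed nodelist lines (not real nodes).
WITH_TLS = ",999,Example_BBS,Nowhere,Some_Sysop,-Unpublished-,300,CM,IBN,INA:bbs.example.org,TLS"
NO_TLS = ",998,Other_BBS,Nowhere,Other_Sysop,-Unpublished-,300,CM,IBN:24555"
```

The decision depends only on data the path between the two nodes cannot alter (the nodelist and local configuration), which is why a missing offer is treated as a failure rather than a reason to continue unencrypted.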
(c) 1994, bbs@darkrealms.ca