
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   BINKD      Support for the Internet BinKD mailer      8,958 messages   


   Message 6,515 of 8,958   
   Alexey Fayans to Oli   
   BINKP over TLS   
   20 Dec 19 00:56:28   
   
   MSGID: 2:5030/1997@fidonet 5dfbf544   
   REPLY: 2:280/464.47@fidonet 5dfb222f   
   CHRS: CP866 2   
   TZUTC: 0300   
   TID: FastEcho 1.46.1 43272   
   Hello Oli!   
      
   On Thu, 19 Dec 2019 at 07:38 +0100, you wrote to me:   
      
    AF>> 1. STARTTLS is the best option because:   
    Ol> How do you encrypt the metadata that is sent on connection? Can   
    Ol> STARTTLS negotiated before node infos are sent?   
      
   I think I already answered this question. One option is to wait for STARTTLS   
   command from client for a few seconds on incoming connection before sending   
   metadata. That will introduce a few seconds connection delay with older   
   clients, though. There might be a better solution, I just don't know the binkp   
   protocol well enough.   
      
    Ol> Will this add another roundtrip?   
    Ol> Direct TLS will give us a quick path to QUIC, which would reduce   
    Ol> connection times instead of making the protocol slower.   
      
   Things like that matter in real-time applications, i.e. ajax web pages that   
   make thousands of small requests to server. Not our case really.   
      
    AF>> 2. For any kind of TLS something must be decided on certificate   
    AF>> authority.   
    Ol> Or don't use a CA. There is DANE, TOFU and we still have the encrypted   
    Ol> session password for authentication ...   
      
   Without a CA the whole thing is just pointless and subject to a simple MitM   
   attack. So why even talk about security?   
      
   DANE and TOFU are ways to tell that the system supports TLS, not a way to   
   verify its certificate.   
      
      
   ... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net   
   --- GoldED+/W32-MSVC 1.1.5-b20180707   
    * Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)   
   PATH: 5030/1997 5023/24 5020/715 4441 1042 280/5555 464 229/426   
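
An added example, not part of the original message and not binkd code: a sketch of the grace-period idea described in the message above, where the answering side holds back its node information until the caller either asks for TLS or the wait expires. The `STARTTLS` token format, the function names and the `upgrade` callback are assumptions made for illustration.

```python
import socket
import time

# Hypothetical upgrade token: the message names a "STARTTLS command" but not its wire format.
STARTTLS = b"STARTTLS\r\n"

def client_wants_tls(conn, grace=3.0):
    """Wait up to `grace` seconds for the upgrade token without sending anything.

    Returns True after consuming the token. Returns False on timeout, on EOF, or
    as soon as the peer sends bytes that cannot be the token (left unread for
    the legacy handler).
    """
    deadline = time.monotonic() + grace
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            return False
        conn.settimeout(remaining)
        try:
            seen = conn.recv(len(STARTTLS), socket.MSG_PEEK)
        except socket.timeout:
            return False
        finally:
            conn.settimeout(None)
        if seen == STARTTLS:
            conn.recv(len(STARTTLS))       # consume the token
            return True
        if not seen or not STARTTLS.startswith(seen):
            return False                   # EOF or a legacy first frame
        time.sleep(0.01)                   # partial token: wait for the rest

def accept_session(conn, node_info, upgrade, grace=3.0):
    """Send `node_info` only after the TLS decision; return (mode, channel)."""
    if client_wants_tls(conn, grace):
        channel = upgrade(conn)            # e.g. SSLContext.wrap_socket(conn, server_side=True)
        mode = "tls"
    else:
        channel, mode = conn, "plain"      # older client: pays the grace delay
    channel.sendall(node_info)
    return mode, channel
```

A caller that stays silent costs the full grace period, which is the delay the message mentions; a caller that sends anything other than the token is classified at once and its bytes are left in the socket buffer.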
      



(c) 1994,  bbs@darkrealms.ca