
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   BINKD      Support for the Internet BinKD mailer      8,958 messages   


   Message 6,516 of 8,958   
   Alan Ianson to Alexey Fayans   
   BINKP over TLS   
   19 Dec 19 14:41:56   
   
   REPLY: 2:5030/1997@fidonet 5dfbee35   
   MSGID: 1:153/757 5dfc0a31   
   CHRS: UTF-8 2   
   TZUTC: -0800   
   TID: hpt/lnx 1.9.0-cur 2019-12-05   
   Hello Alexey,   
      
    AI>> I don't think STARTTLS is what we want today.   
      
    AF> Why?   
      
   Because of what I have read others say on the subject. I really have no good   
   idea why it is frowned upon.   
      
   The first encounter I had with binkps was about a year ago when SSL/TLS was   
   introduced in Mystic. Mystic has opportunistic SSL/TLS support. It had to be   
   opportunistic since James knew at the outset there would be mailers in the mix   
   that did not support SSL/TLS. James received a lot of feedback on the subject   
   that implicit TLS was the way to go rather than opportunistic.   
      
   Since then I have looked up the subject. There is a mountain of information on   
   the subject and I have not read it all, but I don't see folks adopting STARTTLS   
    today, only deprecating it.   
      
    AI>> In the early going of TLS it was probably the only way forward   
    AI>> since there were many destinations that did not support TLS, that   
    AI>> is not the case today. I don't read of anyone adopting STARTTLS   
    AI>> today, only deprecating it.   
      
    AF> I only see a proposal to deprecate STARTTLS _implementation_ in SMTP   
    AF> and other e-mail protocols because obviously implementation has flaws.   
    AF> If implemented properly, I don't see any reason for deprecation.   
      
   The proposal to deprecate STARTTLS is enough for me to deprecate it. I am   
   relying on the experience of others and best practice today.   
      
    AI>> If binkps over TLS was implemented today I think implicit TLS is   
    AI>> the way to do it.   
      
    AF> I don't agree. If it will be implemented this way, I can bet it will   
    AF> be adopted by less than 1% of systems.   
      
   In discussions I have had, I have received only positive feedback on the idea   
   of implementing binkps with TLS. I will go ahead and implement binkps in my own   
    setup when I can, with nodes who wish it and support it.   
      
   I have done this already with Mystic's mailer (Mystic's implementation needs   
   work) and Synchronet's BinkIT mailer. binkps using TLS is a reality today for   
   those using the BinkIT mailer. I have successfully sent and received netmail   
   using Synchronet's BinkIT mailer with binkd on the remote side.   
      
   BinkIT's mailer uses implicit TLS and is very secure and I would like to be   
   able to do this with binkd as well, since I use binkd on my node 153/757.   
      
   If binkd could listen on a secure TLS port (24553) and poll nodes listening on   
   a secure port I'm sure it would be widely accepted although I wouldn't guess a   
   percentage.   
      
    AI>> We need a binkps listener on port 24553 (or the port you   
    AI>> intend to use) and a way to start a poll to such a listener.   
      
    AF> And for that we will need a lot of software updated on a lot of   
    AF> systems. Which will most probably never happen.   
      
   For a start there is the BinkIT mailer that supports TLS now. There are other   
   mailers in use also that likely won't be updated (Argus/Irex) but I think the   
   binkd mailer is the most used today looking at my own logs. If binkd supported   
   TLS most nodes could use it if they choose to.   
      
   It would be used here at my node.   
      
    AI>> I would be willing to test TLS with you if you like, even using   
    AI>> STARTTLS. If we got some testing under our belt we could discover   
    AI>> what works and what doesn't and be in a better position to give   
    AI>> feedback to the binkd developer(s).   
      
    AF> I am not a true coder, at least, I don't have enough skill/time to   
    AF> implement any kind of TLS support in binkd. If someone will do it,   
    AF> I'll be happy to test.   
      
   I am going to ask some nodes who have done this for advice on how they did it   
   and if I can do it I will netmail you my findings and we can do some testing if   
   you would like.   
      
   I just need to get a bit of free time.   
      
    Ttyl :-),   
            Al   
      
   --- GoldED+/LNX 1.1.5-b20180707   
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)   
   SEEN-BY: 1/123 57/0 90/1 103/705 153/250 154/10 203/0 220/70 221/0   
   SEEN-BY: 227/114 229/101 200 354 426 1014 240/5832 249/307 317 267/800   
   SEEN-BY: 280/464 5003 5555 292/854 310/31 317/3 342/200 396/45 423/120   
   SEEN-BY: 712/848 770/0 1 100 340 772/0 1 210 500 2452/250   
   PATH: 153/757 250 770/1 280/464 229/426   
      



(c) 1994,  bbs@darkrealms.ca