
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   BINKD      Support for the Internet BinKD mailer      8,958 messages   


   Message 6,521 of 8,958   
   Rob Swindell to Alexey Fayans   
   BINKP over TLS   
   20 Dec 19 09:56:21   
   
   TZUTC: -0800   
   MSGID: 7265.binkd@1:103/705 22625da6   
   REPLY: 2:5030/1997@fidonet 5dfcc965   
   PID: Synchronet 3.17c-Linux  Dec 12 2019 GCC 6.3.0   
   TID: SBBSecho 3.10-Linux r3.148 Dec 12 2019 GCC 6.3.0   
   COLS: 80   
   CHRS: CP437 2   
   NOTE: FSEditor.js v1.103   
     Re: BINKP over TLS   
     By: Alexey Fayans to Rob Swindell on Fri Dec 20 2019 04:12 pm   
      
    > Hello Rob!   
    >   
    > On Thu, 19 Dec 2019 at 15:43 -0800, you wrote to me:   
    >   
    >  >> The whole sentence is wrong. CA is required to make sure that the   
    >  >> certificate provided by server was not replaced by an attacker   
    >  >> during MitM attack. With self-signed certificate you can never tell   
    >  >> that you are connecting to the real system, unless you know a CA   
    >  >> pubkey used to sign that self-signed certificate. That's kinda   
    >  >> basic stuff.   
    >  RS> True, if you're concerned about active MitM attacks (not just   
    >  RS> passive-snooping).   
    >   
    > Isn't it your main argument against STARTTLS?   
      
   Under no case is Opportunistic TLS (e.g. STARTTLS) as secure as Implicit TLS.   
   Yes, the use of self-signed certs is less secure than CA-signed certs, but   
   that's a different matter and true for both Opportunistic and Implicit TLS.   
      
    >  RS> But if you're concerned about active MitM attacks,   
    >  RS> then you don't want to use STARTTLS either.   
    >   
    > Why not? It is perfectly mitigated and I explained that a few times already.   
    > You gotta stop looking back at old SMTP implementation that wasn't designed   
    > against active MitM attacks in the first place.   
      
   I look at all the applications of Opportunistic TLS and they're all less   
   secure than Implicit TLS.   
      
                                               digital man   
      
   Synchronet/BBS Terminology Definition #73:   
   TCP = Transmission Control Protocol   
   Norco, CA WX: 66.7°F, 22.0% humidity, 3 mph WSW wind, 0.00 inches rain/24hrs   
   --- SBBSecho 3.10-Linux   
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)   
   SEEN-BY: 1/123 90/1 103/705 154/10 203/0 218/700 221/0 227/114 229/101   
   SEEN-BY: 229/200 354 426 1014 240/5832 249/307 317 280/464 5003 5555   
   SEEN-BY: 292/854 310/31 342/200 396/45 423/120 712/848 770/1 2452/250   
   PATH: 103/705 280/464 229/426   
      
