... darkrealms ...

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

BINKD

Support for the Internet BinKD mailer

8,958 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 6,522 of 8,958

Alexey Fayans to Rob Swindell

BINKP over TLS

20 Dec 19 21:09:33

   MSGID: 2:5030/1997@fidonet 5dfd11a6   
   REPLY: 7265.binkd@1:103/705 22625da6   
   CHRS: CP866 2   
   TZUTC: 0300   
   TID: FastEcho 1.46.1 43272   
   Hello Rob!   
      
   On Fri, 20 Dec 2019 at 09:56 -0800, you wrote to me:   
      
    >> Isn't it your main argument against STARTTLS?   
    RS> Under no case is Opportunistic TLS (e.g. STARTTLS) as secure as   
    RS> Implicit TLS.   
      
   So far you didn't provide a single fact proving that good STARTTLS   
   implementation is less secure than TLS on a dedicated port.   
      
    RS> Yes, the use of self-signed certs is less secure than   
    RS> CA-signed certs, but that's a different matter and true for both   
    RS> Opportunistic and Implicit TLS.   
      
   Use of self-signed certs without a well-defined and implemented mandatory   
   mechanism to verify these certs (either trusted CA or any other similar way)   
   just turns whole security talk into a joke. Seriously.   
      
    >> Why not? It is perfectly mitigated and I explained that a few times   
    >> already. You gotta stop looking back at old SMTP implementation   
    >> that wasn't designed against active MitM attacks in the first   
    >> place.   
    RS> I look at all the applications of Opportunistic TLS and they're all   
    RS> less secure than Implicit TLS.   
      
   Examples? Maybe you are just looking at bad / not suitable implementations.   
   Not all implementations are focused on MitM protection and that is fine,   
   similar to use of self-signed certs just to make it a bit harder to sniff the   
   traffic.   
      
      
   ... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net   
   --- GoldED+/W32-MSVC 1.1.5-b20180707   
    * Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)   
   SEEN-BY: 1/123 50/109 90/1 103/705 154/10 203/0 221/0 6 227/114 229/101   
   SEEN-BY: 229/200 354 426 1014 240/5832 249/307 317 280/464 5003 5555   
   SEEN-BY: 292/854 310/31 342/200 396/45 423/120 451/30 452/166 463/68   
   SEEN-BY: 469/122 712/848 770/1 2452/250 5000/111 5001/100 5005/49   
   SEEN-BY: 5015/255 5019/40 42 5020/290 329 715 806 828 846 848 921   
   SEEN-BY: 5020/1042 1519 2047 2140 4441 12000 5022/128 5023/12 24 5030/1081   
   SEEN-BY: 5030/1900 1997 5034/13 5053/54 57 58 5054/8 5057/19 5060/900   
   SEEN-BY: 5064/56 5080/68 102 5083/444   
   PATH: 5030/1997 5023/24 5020/715 4441 1042 280/5555 464 229/426

[ << oldest | < older | list | newer > | newest >> ]