REPLY: 2:5030/1997@fidonet 5dfcc840   
   MSGID: 1:153/757 5dfd5586   
   CHRS: UTF-8 2   
   TZUTC: -0800   
   TID: hpt/lnx 1.9.0-cur 2019-12-05   
   Hello Alexey,   
      
    AF> Well, it's not a strong argument you know.   
      
   It's not my intention to argue at all.   
      
    AI>> Since then I have looked up the subject. There is a mountain of   
    AI>> information on the subject and I have not read it all, but I   
    AI>> don't see folks adopting STARTTLS today, only depricating it.   
      
    AF> Any examples of real deprecations? Even if there are, I bet only   
    AF> implementations where client cannot verify if server supports TLS   
    AF> (like initial SMTP implementation) are being deprecated.   
      
   They are everywhere, easy to find. I won't attempt listing them.   
      
    AI>> BinkIT's mailer uses implicit TLS and is very secure and I would   
    AI>> like to be able to do this with binkd as well, since I use binkd   
    AI>> on my node 153/757.   
      
    AF> Let's start talking about "very secure" when there will be a mechanism   
    AF> to verify/trust peers' certificates. Right now it's as secure as plain   
    AF> text.   
      
   Is implicit TLS anything less than very secure?   
      
   How is it "as secure as plain text" ?   
      
    AI>> If binkd could listen on a secure TLS port (24553) and poll nodes   
    AI>> listening on a secure port I'm sure it would be widely accepted   
    AI>> although I wouldn't guess a pecentage.   
      
    AF> Yeah, the problem is that it won't magically start doing that.   
      
   I'm not suggesting magic. For now, nodes who want binkd to listen for TLS will   
   need to run a second listener.   
      
    AI>> For a start there is the BinkIT mailer that supports TLS now.   
      
    AF> Great. How many sysops are using it?   
      
   I have one link using the binkit mailer. How many use it is unknown to me.   
      
    AI>> There are other mailers in use also that likely won't be updated   
    AI>> (Argus/Irex) but I think the binkd mailer is the most used today   
    AI>> looking at my own logs. If binkd supported TLS most nodes could   
    AI>> use it if they choose to.   
      
    AF> Have you seen binkd configuration? Currently it is not possible to   
    AF> define a node supporting two protocols specifying ports. And   
    AF> hardcoding TLS port is not an option obviously.   
      
   Ultimately I would like binkd to listen on port 24553 for incoming polls over   
   TLS, and I need a way to configure binkd to poll supporting nodes over TLS   
   where it is supported.   
      
   That was an easy sentence to write but may not be so easy to impliment.   
      
   The above sums up my thoughts on the matter. That can work now. I am still not   
   to a point where I would ask the binkd deveolopers for anything. In fact, the   
   binkd developers may have other ideas around what a binkps protocol might look   
   like.   
      
    AF> And if we imagine that node syntax will be changed, binkd nodelist   
    AF> parser(s) will need to be updated as well in order to understand   
    AF> nodelist flag where binkps port is specified (similar to IBN).   
      
   When we have a binkps standard to work with we can do all that.   
      
    Ttyl :-),   
            Al   
      
   --- GoldED+/LNX 1.1.5-b20180707   
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)   
   SEEN-BY: 1/123 57/0 90/1 103/705 153/250 154/10 203/0 220/70 221/0   
   SEEN-BY: 227/114 229/101 200 354 426 1014 240/5832 249/307 317 267/800   
   SEEN-BY: 280/464 5003 5555 292/854 310/31 317/3 342/200 396/45 423/120   
   SEEN-BY: 712/848 770/0 1 100 340 772/0 1 210 500 2452/250   
   PATH: 153/757 250 770/1 280/464 229/426