MSGID: 2:5030/1997@fidonet 5dfd91e9   
   REPLY: 1:153/757 5dfd5586   
   CHRS: CP866 2   
   TZUTC: 0300   
   TID: FastEcho 1.46.1 43272   
   Hello Alan!   
      
   On Fri, 20 Dec 2019 at 14:31 -0800, you wrote to me:   
      
    AF>> Let's start talking about "very secure" when there will be a   
    AF>> mechanism to verify/trust peers' certificates. Right now it's as   
    AF>> secure as plain text.   
    AI> Is implicit TLS anything less than very secure?   
    AI> How is it "as secure as plain text" ?   
      
   It is not secure at all when client cannot verify server's certificate   
   authenticity. Anyone in the middle can issue own self-signed certificate and   
   client will be happy to accept it.   
      
    AF>> Yeah, the problem is that it won't magically start doing that.   
    AI> I'm not suggesting magic. For now, nodes who want binkd to listen for   
    AI> TLS will need to run a second listener.   
      
   For now it's not even a FTS proposal, so we are not talking about now, we are   
   talking about what it can be if done properly.   
      
    AI>>> For a start there is the BinkIT mailer that supports TLS now.   
    AF>> Great. How many sysops are using it?   
    AI> I have one link using the binkit mailer. How many use it is unknown to   
    AI> me.   
      
   Not many. I don't have numbers, but I'd guess that binkd runs on like 90% of   
   all binkp nodes. The rest 10% is shared between multi-protocol mailers and   
   some exotic software like BinkIT (I never even heard of it before you named   
   it).   
      
    AF>> Have you seen binkd configuration? Currently it is not possible   
    AF>> to define a node supporting two protocols specifying ports. And   
    AF>> hardcoding TLS port is not an option obviously.   
    AI> Ultimately I would like binkd to listen on port 24553 for incoming   
    AI> polls over TLS, and I need a way to configure binkd to poll supporting   
    AI> nodes over TLS where it is supported.   
    AI> That was an easy sentence to write but may not be so easy to   
    AI> impliment.   
      
   You cannot force everyone to use a single port. At some places that just   
   cannot be done, i.e. when several nodes are sharing a single IP address.   
      
      
   ... Music Station BBS | https://bbs.bsrealm.net | telnet://bbs.bsrealm.net   
   --- GoldED+/W32-MSVC 1.1.5-b20180707   
    * Origin: Music Station | https://ms.bsrealm.net (2:5030/1997)   
   SEEN-BY: 1/123 50/109 90/1 103/705 154/10 203/0 221/0 6 227/114 229/101   
   SEEN-BY: 229/200 354 426 1014 240/5832 249/307 317 280/464 5003 5555   
   SEEN-BY: 292/854 310/31 342/200 396/45 423/120 451/30 452/166 463/68   
   SEEN-BY: 469/122 712/848 770/1 2452/250 5000/111 5001/100 5005/49   
   SEEN-BY: 5015/255 5019/40 42 5020/290 329 715 806 828 846 848 921   
   SEEN-BY: 5020/1042 1519 2047 2140 4441 12000 5022/128 5023/12 24 5030/1081   
   SEEN-BY: 5030/1900 1997 5034/13 5053/54 57 58 5054/8 5057/19 5060/900   
   SEEN-BY: 5064/56 5080/68 102 5083/444   
   PATH: 5030/1997 5023/24 5020/715 4441 1042 280/5555 464 229/426