REPLY: 2:280/5555 5eaeccbc   
   MSGID: 1:153/757 5eaf15d4   
   CHRS: UTF-8 2   
   TZUTC: -0700   
   TID: hpt/lnx 1.9.0-cur 2020-04-15   
   Hello Michiel,   
      
    AI>> Binkp over TLS is secure and provides privacy in a new and robust   
    AI>> way.   
      
    MV> Security against what threats and privacy against which snooping eyes?   
      
   Actually, TLS is not really new. It started as SSL from a bygone era and TLS   
   is what we have today. It has and continues to evolve.   
      
   Snooping eyes are everywhere. They are unseen doing I don't know what. We have   
   the technology and I suggest we use it. It already exists so we don't have to   
   develop anything at all, we just need to support it.   
      
    MV> The biggest potential invasion of privacy in Fidonet are sysops   
    MV> snooping om in transit mail. TLS does not protect against that.   
      
   That is true. We could (and I'm surprised we haven't) develop a way to encrypt   
   tansit mail if we wanted too.   
      
   Mystic does this. It has support for this by using an AES256 encryption key   
   between links. If Mystic operators use this feature netmail between nodes is   
   encrypted. I think this all happens when tossing so it (or something like it)   
   could be used in Fidonet generally if the software supports it. I'm not sure   
   if that would be better implemeted in the mailer or tosser. Probably the   
   tosser.   
      
    MV> The best strategy against snooping governments is to not be of   
    MV> interest. I doubt TLS is safe against the resources of governments.   
      
   TLS is open source. Governments could outlaw it if they wanted to raise the   
   ire of the people but I don't think that is going to happen.   
      
    AI>> It's a natural movement forward.   
      
    MV> Binkd already has build in encryption. I do not think the added value   
    MV> of TLS is worth the effort and overhead. Not for Fidonet...   
      
   That was a very good addition that the binkd developers added to binkd at the   
   time. It was powerful and ahead of it's time. That must have been twenty years   
   ago when SSL was not largely known or easy to implement.   
      
   That algorithm was also cracked about 20 years ago. It's still better than   
   nothing but TLS would be a good addition today. The crypt option does not   
   provide security today.   
      
    AI>> It's not easy to do in all mailers, but if it was and it was   
    AI>> supported and available by your links and your own mailer would   
    AI>> you use it?   
      
    MV> I don't know. If I'd have to go through the hassle of getting a   
    MV> certificate and pay for it and renew it every tweo years, probably   
    MV> not. And I do not trust LetsEncrypt.   
      
   It's possible to use a self signed certificate. I don't know the ramifications   
   of a self signed certificate vs letsencrypt but it might provide the security   
   and privacy we need.   
      
   Currently I use a certificate from letsencrypt.   
      
    Ttyl :-),   
            Al   
      
   --- GoldED+/LNX   
    * Origin: The Rusty MailBox - Penticton, BC Canada (1:153/757)   
   SEEN-BY: 1/123 90/1 120/340 601 220/50 226/30 227/114 702 229/100   
   SEEN-BY: 229/101 200 426 664 1014 240/5832 249/109 307 317 292/854   
   SEEN-BY: 342/200   
   PATH: 153/757 261/38 712/848 280/464 229/101 426