
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   BINKD      Support for the Internet BinKD mailer      8,958 messages   


   Message 6,905 of 8,958   
   Oli to Tony Langdon   
   Security   
   04 May 20 11:50:20   
   
   MSGID: 2:280/464.47 5eafe55c   
   REPLY: 1814.fido-binkd@3:633/410 23148e36   
   PID: JamNNTPd/Linux 1   
   CHRS: LATIN-1 2   
   TZUTC: 0200   
   TID: CrashMail II/Linux 1.7   
   Tony wrote (2020-05-04):   
      
    AI>> It's possible to use a self signed certificate. I don't know the   
    AI>> ramifications of a self signed certificate vs letsencrypt but it   
    AI>> might provide the security and privacy we need.   
      
    TL> Encryption will be fine, but self signed just means you can't trust the   
    TL> other end to be who they say they are.   
      
   Works fine with SSH. Trust on first use (TOFU) works with TLS too. There is   
   also DANE / TLSA-records to put the (hash of the) public key in DNS. You could   
   also put it in the nodelist itself.   
      
    TL> But that's a call the BBS networks have to make.   
      
   This is like: that's a call the Internet has to make.   
      
    AI>> Currently I use a certificate from letsencrypt.   
      
    TL> I'm not currently running binkps.  It's been a moving target, and as I've   
    TL> said, I won't bother jumping through hoops and binkd doesn't yet support   
    TL> TLS natively (that I'm aware of).   
      
   Native support in binkd would be nice, on the other hand the workarounds are   
   not that difficult.   
      
   Outgoing connections are easy with binkd:   
      
   node 5:6/7@fidonet -pipe "gnutls-cli --logfile /dev/null --no-ca-verification --strict-tofu --disable-sni *H:24553"
      
   Incoming connections with haproxy are three lines (works for every mailer):   
      
   listen binkps   
     bind :::24553 ssl crt fidonet.pem   
     server binkd 127.0.0.1:24554   
      
   Synchronet's BinkIT does support TLS already. But only jumping through hoops   
   (with binkd) gives you TLS 1.3 connections.   
      
   ---   
    * Origin:  (2:280/464.47)   
   SEEN-BY: 1/123 90/1 120/340 601 220/50 226/30 227/114 702 229/100   
   SEEN-BY: 229/101 200 426 664 1014 240/5832 249/109 307 317 292/854   
   SEEN-BY: 342/200   
   PATH: 280/464 229/101 426   
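
Added example, not part of the original message and not binkd or gnutls code: a sketch of the trust-on-first-use check the message describes, pinning one certificate fingerprint per node address and refusing a changed one. The JSON pin file, the class and function names are assumptions made for illustration, and it hashes the whole certificate (TLSA "3 0 1") rather than only the public key, since extracting the key needs an ASN.1 parser.

```python
import hashlib
import json
import os
import tempfile

class PinMismatch(Exception):
    """The peer presented a different certificate than the pinned one."""

def fingerprint(cert_der: bytes) -> str:
    # SHA-256 of the DER bytes, as ssl.SSLSocket.getpeercert(binary_form=True) returns them.
    return hashlib.sha256(cert_der).hexdigest()

def tlsa_rdata(cert_der: bytes) -> str:
    # TLSA "3 0 1" = DANE-EE, full certificate, SHA-256 (RFC 6698).
    return "3 0 1 " + fingerprint(cert_der)

class TofuStore:
    # Hypothetical pin store: {"node address": "sha256 hex"} in a JSON file.
    def __init__(self, path: str):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, node: str, cert_der: bytes) -> str:
        fp = fingerprint(cert_der)
        known = self.pins.get(node)
        if known is None:               # first use: trust and remember
            self.pins[node] = fp
            tmp = self.path + ".tmp"    # write then rename, so a crash keeps the old file
            with open(tmp, "w") as f:
                json.dump(self.pins, f, indent=1)
            os.replace(tmp, self.path)
            return "pinned"
        if known != fp:                 # changed certificate: refuse, never re-pin silently
            raise PinMismatch(f"{node}: pinned {known[:16]}, got {fp[:16]}")
        return "match"

def demo() -> list:
    cert_a = b"constructed stand-in for the node's DER certificate"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "pins.json")
        out = [TofuStore(path).check("5:6/7@fidonet", cert_a)]
        out.append(TofuStore(path).check("5:6/7@fidonet", cert_a))  # reloaded from disk
        try:
            TofuStore(path).check("5:6/7@fidonet", b"constructed stand-in: replaced certificate")
        except PinMismatch:
            out.append("mismatch")
    return out
```

The same fingerprint string is what a nodelist entry or a TLSA record would carry, so a mailer could compare against the published value instead of the locally pinned one.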
      



(c) 1994,  bbs@darkrealms.ca