• Secure binkp

    From Oli@21:1/151 to Al on Wednesday, January 29, 2020 10:45:44
    29 Jan 20 01:01, you wrote to g00r00:

    I don't think BinkD's secure mode is the same thing but I could
    be wrong. My copy of binkd is from 2011 so I haven't kept up.

    Binkd doesn't have support for secure binkp although you can use
    options on the node line to poll a node supporting binkp over
    TLS.

    I think g00r00 was referring to BinkD's CRYPT mode, which works for connections with a session password.

    When we talk about secure binkp or binkps (which I prefer) we mean direct TLS (like in https, imaps, ...).

    Mystic uses opportunistic TLS (like STARTTLS in smtp).

    and then we also have binkp over overlay networks (e.g. Tor hidden service)

    and some nodes / networks use VPN for encrypting the traffic.

    A future option would be binkp over QUIC.

    Plenty of options, but none that is supported by all the major mailers.




    --- Garbage v1.12💩A44
    * Origin: 🦄 🌈 (21:1/151)
  • From Oli@21:1/151 to Al on Wednesday, January 29, 2020 13:25:32
    29 Jan 20 04:09, you wrote to me:

    A future option would be binkp over QUIC.

    I've heard of QUIC but I don't know what that is but I do know
    what TLS is. TLS is available to everyone and probably a good
    solution for today.

    And in what way is QUIC less available to everyone?

    TLS will do what we need.

    TLS is baked into the QUIC protocol.

    If we want to add better encryption to binkp, why not directly use the best protocol that is available?

    --- Very Stable Genius v1.12 A44
    * Origin: 🦄 🌈 (21:1/151)
  • From Al@21:4/106 to g00r00 on Wednesday, January 29, 2020 01:01:18
    I don't think BinkD's secure mode is the same thing but I could be
    wrong. My copy of binkd is from 2011 so I haven't kept up.

    Binkd doesn't have support for secure binkp although you can use options
    on the node line to poll a node supporting binkp over TLS. I use this to
    poll a node supporting it.

    node 1:153/757@fidonet -pipe "openssl s_client -quiet -alpn binkp -connect *H:*I" trmb.ca:24553 - c

    The above example is for my own binkd server. You (or anyone reading) can
    feel free to poll my node over TLS if you'd like to do any testing.

    I actually have a webserver listening on port 24553 and passing the
    connection to binkd to do what it needs to do. Hopefully at some point
    this can be done by binkd itself.

    In the meantime Synchronet's BinkIT mailer also supports secure binkp
    using implicit TLS (by default on port 24553).


    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
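
Added example (not part of the thread and not code from binkd, Mystic or Synchronet): a check, from the first bytes captured on a link, of whether it uses direct TLS as described above or starts in cleartext binkp. The frame layout and command ids follow the binkp specification (FTS-1026); the link names and sample bytes are constructed.

```python
"""Classify the first bytes of a captured binkp link: TLS or cleartext."""
import struct

# binkp command ids from the binkp spec (FTS-1026): M_NUL..M_SKIP
BINKP_COMMANDS = {0: "M_NUL", 1: "M_ADR", 2: "M_PWD", 3: "M_FILE", 4: "M_OK",
                  5: "M_EOB", 6: "M_GOT", 7: "M_ERR", 8: "M_BSY", 9: "M_GET",
                  10: "M_SKIP"}
TLS_HANDSHAKE = 0x16  # TLS record content type "handshake"


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'binkp-cleartext:<cmd>', 'incomplete' or 'unknown'."""
    if len(data) < 3:
        return "incomplete"
    # TLS record header: type(1) version(2) length(2); version major is 3.
    if data[0] == TLS_HANDSHAKE and data[1] == 0x03 and data[2] <= 0x04:
        return "tls"
    # binkp frame header: 16 bits big-endian, top bit = command, rest = size.
    (header,) = struct.unpack(">H", data[:2])
    is_command, size = bool(header & 0x8000), header & 0x7FFF
    if is_command and size >= 1 and data[2] in BINKP_COMMANDS:
        return "binkp-cleartext:" + BINKP_COMMANDS[data[2]]
    return "unknown"


def audit_links(captures: dict) -> list:
    """Names of links whose first bytes are not a TLS handshake."""
    return sorted(name for name, first in captures.items()
                  if classify_first_bytes(first) != "tls")


def binkp_command(cmd_id: int, text: str) -> bytes:
    """Build a binkp command frame (used only to construct sample input)."""
    body = bytes([cmd_id]) + text.encode("ascii")
    return struct.pack(">H", 0x8000 | len(body)) + body


# Constructed samples, not real captures: start of a ClientHello record,
# and the M_NUL frame a cleartext binkp session opens with.
SAMPLES = {
    "link-24553": bytes.fromhex("16030100c4010000c00303"),
    "link-24554": binkp_command(0, "SYS Example BBS"),
}

if __name__ == "__main__":
    for name, first in SAMPLES.items():
        print(name, classify_first_bytes(first))
    print("not encrypted from the first byte:", audit_links(SAMPLES))
```

A session that upgrades STARTTLS-style would still open with a cleartext frame, so it is reported as cleartext here; only direct TLS passes this check.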
  • From Al@21:4/106 to Oli on Wednesday, January 29, 2020 04:09:54
    I think g00r00 was referring to BinkD's CRYPT mode, which works for connections with a session password.

    Yep, you're probably right. That CRYPT mode was ahead of its time when it
    was implemented, that was a long time ago.

    When we talk about secure binkp or binkps (which I prefer) we mean
    direct TLS (like in https, imaps, ...).

    Mystic uses opportunistic TLS (like STARTTLS in smtp).

    There seems to be some support for opportunistic TLS in binkd circles but I prefer implicit myself. Where this will go remains to be seen.

    and then we also have binkp over overlay networks (e.g. Tor hidden service)

    and some nodes / networks use VPN for encrypting the traffic.

    I have experimented with some of that but I don't see nodes using it
    much. What I'd like to see is a simple and secure implementation that nodes
    can use without too much further ado.

    A future option would be binkp over QUIC.

    Plenty of options, but none that is supported by all the major
    mailers.

    I've heard of QUIC but I don't know what that is but I do know what TLS
    is. TLS is available to everyone and probably a good solution for today. Security is a moving target so we need to be ready for change but I think
    for now and some time to come.. TLS will do what we need.


    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Al@21:4/106 to Oli on Wednesday, January 29, 2020 05:06:38
    I've heard of QUIC but I don't know what that is but I do know
    what TLS is. TLS is available to everyone and probably a good
    solution for today.

    And in what way is QUIC less available to everyone?

    I couldn't say, I don't know what it is.

    TLS will do what we need.

    TLS is baked into the QUIC protocol.

    We have some support for TLS in fidoland. Synchronet supports it, Mystic supports it, and I am using it in binkd although I have glued it together
    and hope my glue will hold (I think so).

    I can't develop anything one way or the other. If the QUIC protocol would
    be better for this purpose you need to bring that up with those who are developing the protocols we use in FTN.

    We need some kind of standard to follow. I'm sure TLS would serve us
    well. QUIC might also, but I just don't know what it is.


    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)