I have binkd up & running and just noticed that I'm not sending CRYPT on the OPT line. I'm sending out:
OPT EXTCMD GZ BZ2
Is there something else I need to add when compiling or is there something I need to add to binkd.conf to enable crypt?
I have binkd up & running and just noticed that I'm not sending CRYPT
on the OPT line. I'm sending out:
OPT EXTCMD GZ BZ2
I've compiled binkd with:
./configure --with-perl --with-af-force --with-zlib --with-bzip2
$ binkd -vv
Binkd 1.1a-115 (Dec 29 2023 20:00:08/Linux)
Compilation flags: gcc, zlib, bzlib2, perl, af_force.
Facilities: fts5004 ipv6
Is there something else I need to add when compiling or is there
something I need to add to binkd.conf to enable crypt?
I have binkd up & running and just noticed that I'm not sending
CRYPT on the OPT line. I'm sending out:
OPT EXTCMD GZ BZ2
Is there something else I need to add when compiling or is there
something I need to add to binkd.conf to enable crypt?
If this is the same binkd - it looks like it is using crypt with clrghouz...
Is there something else I need to add when compiling or is there something I need to add to binkd.conf to enable crypt?
Is there something else I need to add when compiling or is there somethi need to add to binkd.conf to enable crypt?
Not all mailers support CRYPT. The mailer in BBBS doesn't and I'm not
sure about Mystic.
Not all mailers support CRYPT. The mailer in BBBS doesn't and I'm not
sure about Mystic.
Binkp's crypt option is pretty weak;
a much stronger alternative would be binkp over TLS.
Even better would be scraping binkp entirely, but I think that's unlikely.
That is actually possible. I think Mystic and Synchronet make that quite easy to do. Binkd can do it to with a little trickery.
That is actually possible. I think Mystic and Synchronet make that quite easy to do. Binkd can do it to with a little trickery.
That is actually possible. I think Mystic and Synchronet make
that quite easy to do. Binkd can do it to with a little trickery.
Interesting - do you know where this is documented? I'd love to give
it a read.
On Sunday, December 31st Al was heard saying...
That is actually possible. I think Mystic and Synchronet make that quite
easy to do. Binkd can do it to with a little trickery.
You can essentially do it with any system in which you can put a TLS terminating proxy in the middle. Problem is, it doesn't matter at all when you're talking to a bunch of other non-encrypted systems, so there isn't really much of a point IMO.
That is actually possible. I think Mystic and Synchronet make that quite
easy to do. Binkd can do it to with a little trickery.
Interesting - do you know where this is documented? I'd love to give it a read.
In Mystic you can start a listener on port 24553 (by default). You can also set nodes you are polling to poll securely.
In Mystic you can start a listener on port 24553 (by default). You can
also set nodes you are polling to poll securely.
Ah, yep, thanks :) was tracking the Mystic & Synchronet capability, was more interested in binkd being configured to use it.
I did this just as a test following Oli's instructions in the FSX_CRY
area and it worked well.
On Sunday, December 31st Al was heard saying...
That is actually possible. I think Mystic and Synchronet make that qu easy to do. Binkd can do it to with a little trickery.
You can essentially do it with any system in which you can put a TLS terminating proxy in the middle. Problem is, it doesn't matter at all
when you're talking to a bunch of other non-encrypted systems, so there isn't really much of a point IMO.
You can essentially do it with any system in which you can put a TLS terminating proxy in the middle. Problem is, it doesn't matter at all when you're talking to a bunch of other non-encrypted systems, so the isn't really much of a point IMO.
Oh, I don't know: incremental progress towards security as a
goal may be slow, but is still progress, no?
But also there could be someone accidentally misconfiguring something somewhere and burping a bunch of messages from one net into another. Or someone could gate everything to their Synchronet web message base. Any number of things. :P So I guess for this net to work, it'd have to be small.
I brought this up in the BINKD echo a few years ago thinking we could make this a default behaviour, or at least make it easier to impliment.
Oh, I don't know: incremental progress towards security as a goal may be slow, but is still progress, no?
Y'know, I always thought an FTN that was locked down to encrypted comms only would be kinda neat. Like, each node uses TLS, and the sysops of each BBS have to vet the users to give access to the conferences for that net. On top of that, maybe there could be a requirement that for the user to access the confs (in addition to security level) they'd need to be connected via SSH or secure websocket. Could be neat...
On Monday, January 1st Al muttered...
I brought this up in the BINKD echo a few years ago thinking we could
make this a default behaviour, or at least make it easier to impliment.
I think the main issue is older software and setups with true retro hardware - it's just not really viable to even perform TLS on that old hardware.
For a true encrypted exprerience, we need a new protocol that is *always* encrypted. Of course you can't stop people from exporting to non-encrypted areas though, but it's a start.
tenser around Wednesday, January 3rd...
Oh, I don't know: incremental progress towards security as a goal may slow, but is still progress, no?
I'd argue that it's just a false sense of security, which can be worse than none.
If we were to implement a *new* protocol that is always encrypted, that would be a better start -- only policy can prevent people from exposing the messages elsewhere though + old setups will inherently be left out.
On the otherhand, if you wanted to make an exclusive net, then I guess you'd have to make sure those you invite to the net weren't the sort to burp echomail.
sounds like me when I eat curry :)
sounds like me when I eat curry :)
lol!
Sysop: | Chris Crash |
---|---|
Location: | Huntington Beach, CA. |
Users: | 585 |
Nodes: | 8 (0 / 8) |
Uptime: | 26:53:49 |
Calls: | 10,757 |
Files: | 5 |
Messages: | 452,126 |