Subj : RE: Secure binkp
To   : Oli
From : Al
Date : Mon Nov 25 2019 02:13 pm

 Ol> On the one hand we have TLS 1.3 developed openly over years by the
 Ol> key players in the industry and experts from the crypto community.
 Ol> On the other hand we have the statement from Alexey about something
 Ol> something insecure without pointing to any specific vulnerability.

Yes, I found that statement to be questionable, although when he said
that I have to look at that too.

 Ol> There is a lot to criticize about Google, Mozilla and Cloudflare,
 Ol> but when it comes to encryption I think they are doing a pretty
 Ol> good job. The Snowden leaks  were a wake-up call and many were
 Ol> pissed and angry. Since then there is a clear determination to
 Ol> encrypt everything as secure as possible. If new vulnerabilities
 Ol> are discovered, they will be fixed ... 

My understanding is that TLS 1.3 is secure and a good way to proceed.

 Ol> Maybe someone will implement a good alternative to TLS for binkp or
 Ol> a completely new protocol, but I haven't seen any announcement.
 Ol> Until then TLS (1.3) could provide strong encryption and is easy to
 Ol> add (the other alternative  is encryption at the transport layer,
 Ol> like VPN, Tor, i2p, IPsec, ...) 

I don't know much about these alternate transport methods. My only
presence on the web is my BBSs web site.

I have heard IPsec but don't know what that is. Something to do with
IPv6? If connected via IPv6 do I have IPsec enabled or do I need to take
extra steps for that, and does it negate the need for other security like
TLS?

 Ttyl :-),
         Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
 * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

.