Subj : RE: Secure binkp To : Oli From : NuSkooler Date : Tue Nov 26 2019 07:15 pm Oli around Tuesday, November 26th... Ol> Is it possible to choose insecure ciphersuites with TLS 1.3? I don't know of any that are currently considered insecure, no. Twas Tuesday, November 26th when Oli said... Ol> But how important is the support for _very_ old hardware? Is anyone still Ol> developing Fidonet software for these computers, especially a binkp Ol> mailer? Does binkp still compile for Amiga 68k? Is it possbile to use any Ol> secure encryption (by todays standards) on these machines? I know a lot of people are running FTN on older hardware. I have no idea if any of them are running bink. ...but presumably, they need to talk to newer hardware that is, and if it's encrypted... It's a tough situation I guess. Even with older hardware that doesn't support AES-NI, the kind of traffic we're talking for the BBS world is probably a non-issue as long as said hardware can even do *any* semi modern crypto. Oli around Tuesday, November 26th... Ol> There are two options: 1) You just run your old software with no or weak Ol> encryption as all the other nodes do today. 2) You do the encryption on Ol> another device. With something more standard like TLS this becomes easier since you can do TLS termination via HAProxy or similar, so I guess that's the work around for older setups. On Tuesday, November 26th Oli was heard saying... Ol> I would like to avoid this. This would open another can of worms. Build in support for Let's Encrypt :) Twas Tuesday, November 26th when Oli said... Ol> What do you mean with e2e encryption in this context? e2e on the network Ol> level or on the message level? Application level protocol, same layer as TLS lives. Was mostly tossing that out there, I don't know that it's a good idea in any way due to the various limitations that need to be overcome (e.g. the offloading for older setups, writing the stuff in various languages, so on.) -- >> NuSkooler >> Xibalba BBS @ xibalba.l33t.codes / 44510(telnet) 44511(ssh) >> ENiGMA 1/2 BBS WHQ | Phenom | 67 | iMPURE | ACiDic --- ENiGMA 1/2 v0.0.11-beta (linux; x64; 12.13.1) * Origin: Xibalba -+- xibalba.l33t.codes:44510 (21:1/121) .