Subj : Is binkp/d's security model kaputt?
To   : tenser
From : Oli
Date : Fri Sep 03 2021 11:55 am

tenser wrote (2021-09-03):

 t> On 02 Sep 2021 at 09:42a, Oli pondered and said...

 Ol>> IMHO binkd/binkp offers lots of pseudo security and several
 Ol>> security and usability pitfalls. Are there any good workarounds or
 Ol>> do we need a binkp/2.0?

 t> What you really need is an HTTPS-based transport.

 t> Part of the issue is that there is the protocol (which is superfluous)
 t> and the implementation(s), which vary widely in terms of quality and
 t> robustness.  All of the points you raise with the protocol are obviated
 t> by using HTTPS instead: mutual authentication, secure transport, etc;
 t> also compression, parallelization, transfer resumption, checksumming,
 t> etc.

I thought about that too and I'm still not sure if I like or dislike the idea. It would make programming a mailer a lot easier. It's not hard to extend the protocol and less likely that you break compatibility to older mailers. It's even thinkable that in a parallel timeline they developed an http-based FTN protocol in the 90s and binkd was never a thing.

But it would be just another step to the complete HTTPification of the internet. Maybe just switch to the Internet Mail format ...

 t> A text-based serialization for article data using something like JSON
 t> would also be nice.

..... and something like JMAP ;P

---
 * Origin: . (21:3/102)

.