Subj : Re: Is binkp/d's security model kaputt?
To   : deon
From : tenser
Date : Thu Sep 23 2021 02:06 am

On 22 Sep 2021 at 05:47p, deon pondered and said...
 
 de> So I'm probably going to go down this path - but I'll provide options.
 de> 
 de> IE: if you specify a packet version, your HTTP post will give you a
 de> binary "bundle" of messages. If not, you get a json collection of
 de> mesages. That way, "old" systems can get packets that can be used by
 de> their old software, but something like wget could get their bundles. For
 de> "new" systems, it'll be a more

Whoa, time out here.  This is conflating two things: the transport
protocol, and the thing being transported.  This is a mistake that
the BBS people made and continue to make.

But HTTP has an answer for this: you add a `Content-Type:` header
to the HTTP request (or response) that can tell you exactly what
the message contains.

The thing to do here is define a small taxonomy of X- tokens
describing various BBS-centric formats and follow what the header
says.

--- Mystic BBS v1.12 A46 2020/08/26 (Linux/64)
 * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

.