= Сообщение: 6447 из 7124 ====================================== FTSC_PUBLIC = От : James Coyle 1:129/215 21 Mar 22 15:16:53 Кому : Tim Schattkowsky 21 Mar 22 15:16:53 Тема : Re: Re^8: Directly include binary data in messages FGHI : area://FTSC_PUBLIC?msgid=1:129/215+96319cbd На : area://FTSC_PUBLIC?msgid=2:240/1120.29+4d634d0f = Кодировка сообщения определена как: ASCII ================================== Ответ: area://FTSC_PUBLIC?msgid=31923.ftsc_pub@1:103/705+26a2958b ============================================================================== TS> So is there now any implementation BinkP implementation using STARTTLS TS> and what are the details? TS> TS> BTW: RFC8314 suggests already in the introduction that for email, TS> implicit TLS should be preferred over STARTTLS :)
Yes there is. I did a STARTTLS-enabled BINKP a few years ago and its currently available in Mystic that you can download here:
I have sent the documentation over to Rob for implementation and/or feedback but I didn't want to post it here yet to avoid trolling. I'd be happy to e-mail it along to you as well if you're interested in supporting it!
TS> BTW: RFC8314 suggests already in the introduction that for email, TS> implicit TLS should be preferred over STARTTLS :)
Implicit would be great (and Mystic actually implements both implicit and opportunistic TLS v1.2 with BINKP), but the problem with implicit is two-fold:
1) For mass adoption, having a self-upgrading connection is probably the most realistic to be used. In other words, existing setups wouldn't have to be changed in order to support it. No additional nodelist flags, etc, would be needed. It wouldn't break any existing systems while those that support it would simply just work.
2) The IANA has denied officially giving us a port for BINKPS, which means that implicit SSL can never be an official standard unless they were to some how be persuaded to change their mind.
Mostly due to #2 it seems to me like the best approach for us to move forward would be to adopt Mystic's opportunistic TLS or some variation of it. Or to support both, ideally?
... That's not a bug, it's an undocumented feature
