Subj : BINKP over TLS
To   : Alexey Fayans
From : Rob Swindell
Date : Fri Dec 20 2019 09:56 am

  Re: BINKP over TLS
  By: Alexey Fayans to Rob Swindell on Fri Dec 20 2019 04:12 pm

 > Hello Rob!
 >
 > On Thu, 19 Dec 2019 at 15:43 -0800, you wrote to me:
 >
 >  >> The whole sentence is wrong. CA is required to make sure that the
 >  >> certificate provided by server was not replaced by an attacker
 >  >> during MitM attack. With self-signed certificate you can never tell
 >  >> that you are connecting to the real system, unless you know a CA
 >  >> pubkey used to sign that self-signed certificate. That's kinda
 >  >> basic stuff.
 >  RS> True, if you're concerned about active MitM attacks (not just
 >  RS> passive-snooping).
 >
 > Isn't it your main argument against STARTTLS?

Under no case is Opportunistic TLS (e.g. STARTTLS) as secure as Implicit TLS. Yes, the use of self-signed certs is less secure than CA-signed certs, but that's a different matter and true for both Opportunistic and Implicit TLS.

 >  RS> But if you're concerned about active MitM attacks,
 >  RS> then you don't want to use STARTTLS either.
 >
 > Why not? It is perfectly mitigated and I explained that a few times already.
 > You gotta stop looking back at old SMTP implementation that wasn't designed
 > against active MitM attacks in the first place.

I look at all the applications of Opportunistic TLS and they're all less secure than Implicit TLS.

                                            digital man

Synchronet/BBS Terminology Definition #73:
TCP = Transmission Control Protocol
Norco, CA WX: 66.7øF, 22.0% humidity, 3 mph WSW wind, 0.00 inches rain/24hrs

.