NNTPS pointers
Grant Taylor
gtaylor at tnetconsulting.net
Tue Oct 19 21:58:18 UTC 2021
On 10/19/21 3:36 PM, Julien ÉLIE wrote:
> Hi Grant,

Hi Julien,

> Yep!

;-)

> Usually, either IPsec or stunnel with TCP wrappers is used for innd.

ACK

Would you please elaborate on what you mean by "stunnel with TCP
wrappers"? As in what is TCP wrappers doing to modify stunnel? Is it
just allowing / blocking access? If so, I'd think that a firewall could
do the same thing.

> Note that STARTTLS is now discouraged because of possible
> man-in-the-middle attacks. Implementations SHOULD use implicit TLS on
> port 563 (see RFC 8143).

Sure. Implicit TLS would be nice for NNTP (server-to-server). But, I
think that STARTTLS is the lesser of the evils (sub-optimal security vs
no security).

> It is tricky to implement in innd, with its channels...
> Same thing for COMPRESS, which would be useful to have in transit mode.

*nod*

> Patch welcome of course :-)

I'm not personally qualified to write a patch.
--
Grant. . . .
unix || die