• Re: Iand alternaernative transports

    From Paul Hayton@21:1/101 to Alan Ianson on Tue Nov 19 13:36:40 2019
    On 18 Nov 2019 at 02:09p, Alan Ianson pondered and said...

    I don't have tor or an ON2 address, but I think it would be interesting to get binkp over TLS/SSL.
    Even binkd has no built-in support for TLS it is possible in both directions. We already talked about it in FSX_CRY :).

    Yes, I remember but you mentioned tor and proxy. I don't know these things. Maybe I can put them together, I'm not sure.

    I wonder generaly if binkp over SSL/TLS would be good thing or if the current way binkp works is good enough. Binkd and BinkIT (and possibly others) support the CRYPT option. Is that enough?

    If you'd like to test this out I'd be willing. I don't know what you mean by TLS proxy so I'd need to be educated about these things before any meaningful tests could be done.. :)

    I don't mind testing either, but as I say I don't know either so you
    would need to bring me up to speed.

    I'd be most interested in something that can be used with the binkp protocol (if that's desirable) in all it's various uses with binkd,
    BinkIT and other mailers that would/could use it.

    I am the same, although I have not found time to do so -yet. Will forward this over to FSX_CRY and work with you both on this. Be good to add that flag to
    a few more nodes in the nodelist.

    Best, Paul

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Avon@21:1/101 to Al on Tue Nov 19 13:41:52 2019
    On 19 Nov 2019 at 01:36p, Paul Hayton pondered and said...

    I don't have tor or an ON2 address, but I think it would be interesting to get binkp over TLS/SSL.
    Even binkd has no built-in support for TLS it is possible in bot directions. We already talked about it in FSX_CRY :).


    Just starting a thread here from one in Fido. Happy to work with you both Oli/Al to get something running.

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Al@21:4/106 to Avon on Mon Nov 18 19:24:16 2019
    Just starting a thread here from one in Fido. Happy to work with you
    both Oli/Al to get something running.

    Yep, gonna get going with something here.

    I just read Alexey Vissarionov say something about secure binkp in the FTSC_PULIC area.. sounds hopefull although I don't know what he meant by
    that. I'm hoping he'll shed some light on his thoughts and/or works with
    that.

    He is a binkd developer so he may have pointers for securing binkp when
    using binkd, we'll see what he has to say.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Avon@21:1/101 to Al on Tue Nov 19 16:29:11 2019
    On 18 Nov 2019 at 07:24p, Al pondered and said...

    Yep, gonna get going with something here.
    I just read Alexey Vissarionov say something about secure binkp in the FTSC_PULIC area.. sounds hopefull although I don't know what he meant by that. I'm hoping he'll shed some light on his thoughts and/or works with that.

    He is a binkd developer so he may have pointers for securing binkp when using binkd, we'll see what he has to say.

    cool, yes I had on my to-do a test with Oli over this so we could confirm
    some polling with his TOR address.

    --- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
    * Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)
  • From Oli@21:1/151 to Al on Tue Nov 19 17:02:09 2019
    Just starting a thread here from one in Fido. Happy to work with
    you both Oli/Al to get something running.

    Yep, gonna get going with something here.

    With which "something" should we start?

    I just read Alexey Vissarionov say something about secure binkp in the FTSC_PULIC area.. sounds hopefull although I don't know what he meant
    by that. I'm hoping he'll shed some light on his thoughts and/or works with that.

    I also would like to know more about "secure binkp". To my knowledge it's not easy to create something that is significantlly better than direct TLS, but I'm
    not an encryption expert.

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Al@21:4/106 to Oli on Tue Nov 19 15:58:34 2019
    Yep, gonna get going with something here.

    With which "something" should we start?

    I don't know what button to press.. :)

    Where do you think we should start, tor?

    Let me know what I need to start and I'll get started.

    I also would like to know more about "secure binkp". To my knowledge
    it's not easy to create something that is significantlly better than direct TLS, but I'm not an encryption expert.

    I once read Alexey say something about ssh. I could be mistaken but I
    don't think ssh is what we want in this case. I hope he'll explain what
    he means by secure binkp.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Oli@21:1/151 to Al on Wed Nov 20 08:44:03 2019
    Yep, gonna get going with something here.

    With which "something" should we start?

    I don't know what button to press.. :)

    Where do you think we should start, tor?

    Let me know what I need to start and I'll get started.

    Tor it is.

    First you need to install Tor and then configure a hidden service (aka onion service):
    https://www.torproject.org/docs/tor-onion-service.html.en

    The short version:
    apt get install tor

    configure the service in /etc/tor/torrc, which looks like this (could be added to the end of the config file):

    HiddenServiceDir /var/lib/tor/hidden_service/ftn_v2
    HiddenServiceVersion 2
    HiddenServicePort 24554 127.0.0.1:24554

    HiddenServiceDir /var/lib/tor/hidden_service/ftn_v3
    HiddenServiceVersion 3
    HiddenServicePort 24554 127.0.0.1:24554

    Version 2 are the short addresses, version 3 the long addresses (which is the default in recent versions). Short is better for the nodelist, long has even better security, anonymity, ... (if that matters). You can have both or you can
    only use one of the two.
    Restart tor. You should find the generated address in /var/lib/tor/hidden_service/ftn_v3/hostname (or whatever pathname you have configured).

    Then we should be able to connect to your system over Tor.

    Additional options:

    You can use multiple ports with one onion address like:

    HiddenServiceDir /var/lib/tor/hidden_service/ftn_v3
    HiddenServicePort 24554 127.0.0.1:24554
    HiddenServicePort 2323 192.168.0.21:2323

    You can also use a seperate onion addresses for every service:

    HiddenServiceDir /var/lib/tor/hidden_service/bink1
    HiddenServicePort 24554 127.0.0.1:24554

    HiddenServiceDir /var/lib/tor/hidden_service/bink2
    HiddenServicePort 24554 127.0.0.1:24555

    HiddenServiceDir /var/lib/tor/hidden_service/bink3
    HiddenServicePort 24554 127.0.0.1:24556




    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Oli@21:1/151 to Al on Wed Nov 20 08:50:31 2019
    I once read Alexey say something about ssh. I could be mistaken but I don't think ssh is what we want in this case. I hope he'll explain
    what he means by secure binkp.

    Why don't we want ssh? I think it could be a good option and has also some advantages over TLS. It depends on the specification and implementation though.
    I imagine there are multiple ways to use the SSH protocol with binkp. Some very elegant, others might be cringworthy.

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Al@21:4/106 to Oli on Wed Nov 20 00:42:04 2019
    Let me know what I need to start and I'll get started.

    Tor it is.

    First you need to install Tor and then configure a hidden service (aka onion service):
    https://www.torproject.org/docs/tor-onion-service.html.en

    OK, I'll go have a look at this now.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Al@21:4/106 to Oli on Wed Nov 20 00:46:36 2019
    Why don't we want ssh? I think it could be a good option and has also
    some advantages over TLS. It depends on the specification and implementation though. I imagine there are multiple ways to use the SSH protocol with binkp. Some very elegant, others might be cringworthy.

    Maybe I need to be more open minded.

    I tend to think of ssh as just a secure shell. I'm using ssh now as I
    write this on a BBS so I suppose binkp over ssh isn't such a stretch.

    I think scp might be more what we want but I'm open to ideas and
    different ways of doing things.

    Ultimately what I would like is secure binkp, easy to install and use for
    all ftn nodes.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Oli@21:1/151 to Al on Wed Nov 20 10:57:22 2019
    Why don't we want ssh? I think it could be a good option and has
    also some advantages over TLS. It depends on the specification
    and implementation though. I imagine there are multiple ways to
    use the SSH protocol with binkp. Some very elegant, others might
    be cringworthy.

    Maybe I need to be more open minded.

    I tend to think of ssh as just a secure shell. I'm using ssh now as I write this on a BBS so I suppose binkp over ssh isn't such a stretch.

    The terminal thing is only one functionality of SSH. A SSH session can have several channels and there are differnet subsystem (e.g. sftp). From RFC 4254:

    A session is a remote execution of a program. The program may be a
    shell, an application, a system command, or some built-in subsystem.
    It may or may not have a tty, and may or may not involve X11
    forwarding. Multiple sessions can be active simultaneously.

    I don't understand all the internals, but my understanding is that SSH is designed to be used with other protocols.

    I think scp might be more what we want but I'm open to ideas and
    different ways of doing things.

    Ultimately what I would like is secure binkp, easy to install and use
    for all ftn nodes.

    +1

    and it should be really secure and not broken by design. Good enough for the next 20 years (in fidotime: the time other software need to catch up)


    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Al@21:4/106 to Oli on Wed Nov 20 02:41:24 2019
    Hello Oli,

    Tor it is.

    First you need to install Tor and then configure a hidden service (aka onion service):
    https://www.torproject.org/docs/tor-onion-service.html.en

    If I've done this right my onion address is..

    unnp7cod2ek7teu4.onion


    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Oli@21:1/151 to Al on Wed Nov 20 12:08:55 2019
    Tor it is.

    If I've done this right my onion address is..

    unnp7cod2ek7teu4.onion

    12:08 [27342] BEGIN, binkd/1.1a-99/Linux
    12:08 [27342] clientmgr started
    12:08 [27343] using tor-proxy 127.0.0.1:9050/ for .onion address
    + 12:08 [27343] call to 21:4/106@fsxnet
    12:08 [27343] trying unnp7cod2ek7teu4.onion via socks 127.0.0.1:9050...
    12:08 [27343] connected
    12:08 [27343] connected to socks5 127.0.0.1:9050
    + 12:08 [27343] outgoing session with unnp7cod2ek7teu4.onion:24554
    - 12:08 [27343] OPT CRAM-MD5-f55767689f3ca1441b5df64a7cb6d2ee
    + 12:08 [27343] Remote requests MD mode
    - 12:08 [27343] SYS The Rusty MailBox
    - 12:08 [27343] TIME Wed, 20 Nov 2019 03:08:04 -0800
    - 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1
    + 12:08 [27343] addr: 21:4/106@fsxnet
    - 12:08 [27343] TRF 0 0
    + 12:08 [27343] Remote has 0b of mail and 0b of files for us
    - 12:08 [27343] OPT EXTCMD GZ BZ2
    + 12:08 [27343] Remote supports EXTCMD mode
    + 12:08 [27343] Remote supports GZ mode
    + 12:08 [27343] Remote supports BZ2 mode
    + 12:08 [27343] sending /srv/ftn/outbound/fsxnet/21.4.106.0.out as cb489628.pkt
    (862)
    + 12:08 [27343] sent: /srv/ftn/outbound/fsxnet/21.4.106.0.out (862, 862.00 CPS,
    21:4/106@fsxnet)
    + 12:08 [27343] done (to 21:4/106@fsxnet, OK, S/R: 1/0 (862/0 bytes))



    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Oli@21:1/151 to Al on Wed Nov 20 12:29:23 2019
    20 Nov 19 12:08, I wrote to Al:

    - 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1

    Is your binkd build with perl support?

    $ binkd -vv
    Binkd 1.1a-99 (Oct 3 2019 15:18:24/Linux)
    Compilation flags: gcc, zlib, bzlib2, perl, https, amiga_4d_outbound. Facilities: fts5004 ipv6


    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Al@21:4/106 to Oli on Wed Nov 20 03:50:20 2019
    Hello Oli,

    - 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1

    I suppose that version is what is going to be the next release, but I'm not sure.

    Is your binkd build with perl support?

    No, would perl support be useful? I could look into it.

    $ binkd -vv
    Binkd 1.1a-99 (Oct 3 2019 15:18:24/Linux)
    Compilation flags: gcc, zlib, bzlib2, perl, https, amiga_4d_outbound. Facilities: fts5004 ipv6

    $ binkd -vv
    Binkd 1.0.5-pre5 (Oct 27 2019 20:21:52/Linux)
    Compilation flags: gcc, zlib, bzlib2.
    Facilities: fsp1035 ipv6

    I don't think I need amiga outbound support. What is https and fts5004 support about?

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Al@21:4/106 to Oli on Wed Nov 20 04:17:20 2019
    Hello Oli,

    Is your binkd build with perl support?

    It does now, I added --with-perl and --with-proxy

    $ binkd -vv
    Binkd 1.0.5-pre5 (Nov 20 2019 04:10:27/Linux)
    Compilation flags: gcc, zlib, bzlib2, perl, https.
    Facilities: fsp1035 ipv6

    Ttyl :-),
    Al

    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)
  • From Oli@21:1/151 to Al on Wed Nov 20 13:30:10 2019
    Hi Al,

    - 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1

    I suppose that version is what is going to be the next release, but
    I'm not sure.

    I see many nodes that use binkd 1.1a-9x. I doubt that there will ever release version of 1.0.5, the last commit in the 1.0.x branch is from 2016.

    Is your binkd build with perl support?

    No, would perl support be useful? I could look into it.

    I uses a small perl script that automatically sets the Tor proxy if the hostname of the node is a .onion address, but you could also use the -pipe parameter with ncat:

    node 21:1/151 -pipe "ncat --proxy=127.0.0.1:9050 --proxy-type=socks5 *H *I" boqbccnwyumttwvh.onion

    $ binkd -vv
    Binkd 1.1a-99 (Oct 3 2019 15:18:24/Linux)
    Compilation flags: gcc, zlib, bzlib2, perl, https,
    amiga_4d_outbound.
    Facilities: fts5004 ipv6

    $ binkd -vv
    Binkd 1.0.5-pre5 (Oct 27 2019 20:21:52/Linux)
    Compilation flags: gcc, zlib, bzlib2.
    Facilities: fsp1035 ipv6

    I don't think I need amiga outbound support.

    Most likely not. I use it with a modified crashmail, because I don't like the hex numbers in the flo files.

    What is https and fts5004 support about?

    I think https is used for the http proxy, not sure.
    fts5004 enables fidonet address DNS lookups (binkp.net)


    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Oli@21:1/151 to Al on Wed Nov 20 13:48:08 2019
    Is your binkd build with perl support?

    It does now, I added --with-perl and --with-proxy

    $ binkd -vv
    Binkd 1.0.5-pre5 (Nov 20 2019 04:10:27/Linux)
    Compilation flags: gcc, zlib, bzlib2, perl, https.
    Facilities: fsp1035 ipv6

    Great! You can try to use my perl script. Put this in your binkd.cfg file (adjust path):

    perl-hooks /etc/binkd/onion.pl
    perl-var tor-proxy 127.0.0.1:9050/

    This is the onion.pl script (it should be in your inbound directory now):

    sub on_call
    {
    if ($config{"tor-proxy"}) {
    foreach (split(/;/, $hosts)) {
    if ($_ =~ /\.onion\z/) {
    $hosts = $_;
    $socks = $config{"tor-proxy"};
    Log(4, "using tor-proxy $socks for .onion address");
    }
    }
    }
    return 1;
    }


    Now you could use this line for my node:

    node 21:1/151 boqbccnwyumttwvh.onion


    --- GoldED+/LNX 1.1.5-b20180707
    * Origin: 🌈 (21:1/151)
  • From Al@21:4/106 to Oli on Wed Nov 20 05:57:00 2019
    I suppose that version is what is going to be the next release, but
    I'm not sure.

    I see many nodes that use binkd 1.1a-9x. I doubt that there will ever release version of 1.0.5, the last commit in the 1.0.x branch is from 2016.

    Yep, I've used that too. I've stuck with this for a while to support
    their release effort but it doesn't look like any release is going to
    happen so I'll likely get back to 1.1a, might as well just do that now.

    $ binkd -vv
    Binkd 1.0.5-pre5 (Oct 27 2019 20:21:52/Linux)
    Compilation flags: gcc, zlib, bzlib2.
    Facilities: fsp1035 ipv6

    fts5004 enables fidonet address DNS lookups (binkp.net)

    fsp1035 and fts5004 made me go looking. fsp1035 is a standard now,
    fts5004. So both version support that.

    Ttyl :-),
    Al

    --- MagickaBBS v0.13alpha (Linux/x86_64)
    * Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)