On 18 Nov 2019 at 02:09p, Alan Ianson pondered and said...

I don't have tor or an ON2 address, but I think it would be interesting to get binkp over TLS/SSL.

Even binkd has no built-in support for TLS it is possible in both directions. We already talked about it in FSX_CRY :).

Yes, I remember but you mentioned tor and proxy. I don't know these things. Maybe I can put them together, I'm not sure.

I wonder generaly if binkp over SSL/TLS would be good thing or if the current way binkp works is good enough. Binkd and BinkIT (and possibly others) support the CRYPT option. Is that enough?

If you'd like to test this out I'd be willing. I don't know what you mean by TLS proxy so I'd need to be educated about these things before any meaningful tests could be done.. :)

I don't mind testing either, but as I say I don't know either so you
would need to bring me up to speed.

I'd be most interested in something that can be used with the binkp protocol (if that's desirable) in all it's various uses with binkd,
BinkIT and other mailers that would/could use it.

I am the same, although I have not found time to do so -yet. Will forward this over to FSX_CRY and work with you both on this. Be good to add that flag to
a few more nodes in the nodelist.

Best, Paul

--- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

On 19 Nov 2019 at 01:36p, Paul Hayton pondered and said...

I don't have tor or an ON2 address, but I think it would be interesting to get binkp over TLS/SSL.

Even binkd has no built-in support for TLS it is possible in bot directions. We already talked about it in FSX_CRY :).

Just starting a thread here from one in Fido. Happy to work with you both Oli/Al to get something running.

--- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Just starting a thread here from one in Fido. Happy to work with you
both Oli/Al to get something running.

Yep, gonna get going with something here.

I just read Alexey Vissarionov say something about secure binkp in the FTSC_PULIC area.. sounds hopefull although I don't know what he meant by
that. I'm hoping he'll shed some light on his thoughts and/or works with
that.

He is a binkd developer so he may have pointers for securing binkp when
using binkd, we'll see what he has to say.

Ttyl :-),
Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

On 18 Nov 2019 at 07:24p, Al pondered and said...

Yep, gonna get going with something here.
I just read Alexey Vissarionov say something about secure binkp in the FTSC_PULIC area.. sounds hopefull although I don't know what he meant by that. I'm hoping he'll shed some light on his thoughts and/or works with that.

He is a binkd developer so he may have pointers for securing binkp when using binkd, we'll see what he has to say.

cool, yes I had on my to-do a test with Oli over this so we could confirm
some polling with his TOR address.

--- Mystic BBS v1.12 A43 2019/03/03 (Windows/32)
* Origin: Agency BBS | Dunedin, New Zealand | agency.bbs.nz (21:1/101)

Just starting a thread here from one in Fido. Happy to work with
you both Oli/Al to get something running.

Yep, gonna get going with something here.

With which "something" should we start?

I just read Alexey Vissarionov say something about secure binkp in the FTSC_PULIC area.. sounds hopefull although I don't know what he meant
by that. I'm hoping he'll shed some light on his thoughts and/or works with that.

I also would like to know more about "secure binkp". To my knowledge it's not easy to create something that is significantlly better than direct TLS, but I'm
not an encryption expert.

--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

Yep, gonna get going with something here.

With which "something" should we start?

I don't know what button to press.. :)

Where do you think we should start, tor?

Let me know what I need to start and I'll get started.

I also would like to know more about "secure binkp". To my knowledge
it's not easy to create something that is significantlly better than direct TLS, but I'm not an encryption expert.

I once read Alexey say something about ssh. I could be mistaken but I
don't think ssh is what we want in this case. I hope he'll explain what
he means by secure binkp.

Ttyl :-),
Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

Yep, gonna get going with something here.

With which "something" should we start?

I don't know what button to press.. :)

Where do you think we should start, tor?

Let me know what I need to start and I'll get started.

Tor it is.

First you need to install Tor and then configure a hidden service (aka onion service):
https://www.torproject.org/docs/tor-onion-service.html.en

The short version:
apt get install tor

configure the service in /etc/tor/torrc, which looks like this (could be added to the end of the config file):

HiddenServiceDir /var/lib/tor/hidden_service/ftn_v2
HiddenServiceVersion 2
HiddenServicePort 24554 127.0.0.1:24554

HiddenServiceDir /var/lib/tor/hidden_service/ftn_v3
HiddenServiceVersion 3
HiddenServicePort 24554 127.0.0.1:24554

Version 2 are the short addresses, version 3 the long addresses (which is the default in recent versions). Short is better for the nodelist, long has even better security, anonymity, ... (if that matters). You can have both or you can
only use one of the two.
Restart tor. You should find the generated address in /var/lib/tor/hidden_service/ftn_v3/hostname (or whatever pathname you have configured).

Then we should be able to connect to your system over Tor.

Additional options:

You can use multiple ports with one onion address like:

HiddenServiceDir /var/lib/tor/hidden_service/ftn_v3
HiddenServicePort 24554 127.0.0.1:24554
HiddenServicePort 2323 192.168.0.21:2323

You can also use a seperate onion addresses for every service:

HiddenServiceDir /var/lib/tor/hidden_service/bink1
HiddenServicePort 24554 127.0.0.1:24554

HiddenServiceDir /var/lib/tor/hidden_service/bink2
HiddenServicePort 24554 127.0.0.1:24555

HiddenServiceDir /var/lib/tor/hidden_service/bink3
HiddenServicePort 24554 127.0.0.1:24556




--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

I once read Alexey say something about ssh. I could be mistaken but I don't think ssh is what we want in this case. I hope he'll explain
what he means by secure binkp.

Why don't we want ssh? I think it could be a good option and has also some advantages over TLS. It depends on the specification and implementation though.
I imagine there are multiple ways to use the SSH protocol with binkp. Some very elegant, others might be cringworthy.

--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

Let me know what I need to start and I'll get started.

Tor it is.

First you need to install Tor and then configure a hidden service (aka onion service):
https://www.torproject.org/docs/tor-onion-service.html.en

OK, I'll go have a look at this now.

Ttyl :-),
Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

Why don't we want ssh? I think it could be a good option and has also
some advantages over TLS. It depends on the specification and implementation though. I imagine there are multiple ways to use the SSH protocol with binkp. Some very elegant, others might be cringworthy.

Maybe I need to be more open minded.

I tend to think of ssh as just a secure shell. I'm using ssh now as I
write this on a BBS so I suppose binkp over ssh isn't such a stretch.

I think scp might be more what we want but I'm open to ideas and
different ways of doing things.

Ultimately what I would like is secure binkp, easy to install and use for
all ftn nodes.

Ttyl :-),
Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

Why don't we want ssh? I think it could be a good option and has
also some advantages over TLS. It depends on the specification
and implementation though. I imagine there are multiple ways to
use the SSH protocol with binkp. Some very elegant, others might
be cringworthy.

Maybe I need to be more open minded.

I tend to think of ssh as just a secure shell. I'm using ssh now as I write this on a BBS so I suppose binkp over ssh isn't such a stretch.

The terminal thing is only one functionality of SSH. A SSH session can have several channels and there are differnet subsystem (e.g. sftp). From RFC 4254:

A session is a remote execution of a program. The program may be a
shell, an application, a system command, or some built-in subsystem.
It may or may not have a tty, and may or may not involve X11
forwarding. Multiple sessions can be active simultaneously.

I don't understand all the internals, but my understanding is that SSH is designed to be used with other protocols.

I think scp might be more what we want but I'm open to ideas and
different ways of doing things.

Ultimately what I would like is secure binkp, easy to install and use
for all ftn nodes.

+1

and it should be really secure and not broken by design. Good enough for the next 20 years (in fidotime: the time other software need to catch up)


--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

Hello Oli,

Tor it is.

First you need to install Tor and then configure a hidden service (aka onion service):
https://www.torproject.org/docs/tor-onion-service.html.en

If I've done this right my onion address is..

unnp7cod2ek7teu4.onion


Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

Tor it is.

If I've done this right my onion address is..

unnp7cod2ek7teu4.onion

12:08 [27342] BEGIN, binkd/1.1a-99/Linux
12:08 [27342] clientmgr started
12:08 [27343] using tor-proxy 127.0.0.1:9050/ for .onion address
+ 12:08 [27343] call to 21:4/106@fsxnet
12:08 [27343] trying unnp7cod2ek7teu4.onion via socks 127.0.0.1:9050...
12:08 [27343] connected
12:08 [27343] connected to socks5 127.0.0.1:9050
+ 12:08 [27343] outgoing session with unnp7cod2ek7teu4.onion:24554
- 12:08 [27343] OPT CRAM-MD5-f55767689f3ca1441b5df64a7cb6d2ee
+ 12:08 [27343] Remote requests MD mode
- 12:08 [27343] SYS The Rusty MailBox
- 12:08 [27343] TIME Wed, 20 Nov 2019 03:08:04 -0800
- 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1
+ 12:08 [27343] addr: 21:4/106@fsxnet
- 12:08 [27343] TRF 0 0
+ 12:08 [27343] Remote has 0b of mail and 0b of files for us
- 12:08 [27343] OPT EXTCMD GZ BZ2
+ 12:08 [27343] Remote supports EXTCMD mode
+ 12:08 [27343] Remote supports GZ mode
+ 12:08 [27343] Remote supports BZ2 mode
+ 12:08 [27343] sending /srv/ftn/outbound/fsxnet/21.4.106.0.out as cb489628.pkt
(862)
+ 12:08 [27343] sent: /srv/ftn/outbound/fsxnet/21.4.106.0.out (862, 862.00 CPS,
21:4/106@fsxnet)
+ 12:08 [27343] done (to 21:4/106@fsxnet, OK, S/R: 1/0 (862/0 bytes))



--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

20 Nov 19 12:08, I wrote to Al:

- 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1

Is your binkd build with perl support?

$ binkd -vv
Binkd 1.1a-99 (Oct 3 2019 15:18:24/Linux)
Compilation flags: gcc, zlib, bzlib2, perl, https, amiga_4d_outbound. Facilities: fts5004 ipv6


--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

Hello Oli,

- 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1

I suppose that version is what is going to be the next release, but I'm not sure.

Is your binkd build with perl support?

No, would perl support be useful? I could look into it.

$ binkd -vv
Binkd 1.1a-99 (Oct 3 2019 15:18:24/Linux)
Compilation flags: gcc, zlib, bzlib2, perl, https, amiga_4d_outbound. Facilities: fts5004 ipv6

$ binkd -vv
Binkd 1.0.5-pre5 (Oct 27 2019 20:21:52/Linux)
Compilation flags: gcc, zlib, bzlib2.
Facilities: fsp1035 ipv6

I don't think I need amiga outbound support. What is https and fts5004 support about?

Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

Hello Oli,

Is your binkd build with perl support?

It does now, I added --with-perl and --with-proxy

$ binkd -vv
Binkd 1.0.5-pre5 (Nov 20 2019 04:10:27/Linux)
Compilation flags: gcc, zlib, bzlib2, perl, https.
Facilities: fsp1035 ipv6

Ttyl :-),
Al

--- GoldED+/LNX 1.1.5-b20180707
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)

Hi Al,

- 12:08 [27343] VER binkd/1.0.5-pre5/Linux binkp/1.1

I suppose that version is what is going to be the next release, but
I'm not sure.

I see many nodes that use binkd 1.1a-9x. I doubt that there will ever release version of 1.0.5, the last commit in the 1.0.x branch is from 2016.

Is your binkd build with perl support?

No, would perl support be useful? I could look into it.

I uses a small perl script that automatically sets the Tor proxy if the hostname of the node is a .onion address, but you could also use the -pipe parameter with ncat:

node 21:1/151 -pipe "ncat --proxy=127.0.0.1:9050 --proxy-type=socks5 *H *I" boqbccnwyumttwvh.onion

$ binkd -vv
Binkd 1.1a-99 (Oct 3 2019 15:18:24/Linux)
Compilation flags: gcc, zlib, bzlib2, perl, https,
amiga_4d_outbound.
Facilities: fts5004 ipv6

$ binkd -vv
Binkd 1.0.5-pre5 (Oct 27 2019 20:21:52/Linux)
Compilation flags: gcc, zlib, bzlib2.
Facilities: fsp1035 ipv6

I don't think I need amiga outbound support.

Most likely not. I use it with a modified crashmail, because I don't like the hex numbers in the flo files.

What is https and fts5004 support about?

I think https is used for the http proxy, not sure.
fts5004 enables fidonet address DNS lookups (binkp.net)


--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

Is your binkd build with perl support?

It does now, I added --with-perl and --with-proxy

$ binkd -vv
Binkd 1.0.5-pre5 (Nov 20 2019 04:10:27/Linux)
Compilation flags: gcc, zlib, bzlib2, perl, https.
Facilities: fsp1035 ipv6

Great! You can try to use my perl script. Put this in your binkd.cfg file (adjust path):

perl-hooks /etc/binkd/onion.pl
perl-var tor-proxy 127.0.0.1:9050/

This is the onion.pl script (it should be in your inbound directory now):

sub on_call
{
if ($config{"tor-proxy"}) {
foreach (split(/;/, $hosts)) {
if ($_ =~ /\.onion\z/) {
$hosts = $_;
$socks = $config{"tor-proxy"};
Log(4, "using tor-proxy $socks for .onion address");
}
}
}
return 1;
}


Now you could use this line for my node:

node 21:1/151 boqbccnwyumttwvh.onion


--- GoldED+/LNX 1.1.5-b20180707
* Origin: 🌈 (21:1/151)

I suppose that version is what is going to be the next release, but
I'm not sure.

I see many nodes that use binkd 1.1a-9x. I doubt that there will ever release version of 1.0.5, the last commit in the 1.0.x branch is from 2016.

Yep, I've used that too. I've stuck with this for a while to support
their release effort but it doesn't look like any release is going to
happen so I'll likely get back to 1.1a, might as well just do that now.

$ binkd -vv
Binkd 1.0.5-pre5 (Oct 27 2019 20:21:52/Linux)
Compilation flags: gcc, zlib, bzlib2.
Facilities: fsp1035 ipv6

fts5004 enables fidonet address DNS lookups (binkp.net)

fsp1035 and fts5004 made me go looking. fsp1035 is a standard now,
fts5004. So both version support that.

Ttyl :-),
Al

--- MagickaBBS v0.13alpha (Linux/x86_64)
* Origin: The Rusty MailBox - Penticton, BC Canada (21:4/106)