[ircd-ratbox] Request For Feature: IRCS (IRC-over-SSL)

Lee H lee at leeh.co.uk
Tue May 17 08:51:49 EDT 2005


On Tue, May 17, 2005 at 01:22:19PM +0200, Ralf S. Engelschall wrote:
> On irc.openpkg.net we are using the IRCS (IRC-over-SSL) protocol
> (only). Unfortunately, ircd-ratbox currently still does not support
> IRCS natively while other IRC daemons (e.g. Unreal, etc) already do.
> Hence, we are using STunnel in front of ircd-ratbox. This works fine and
> without any problems.

Other IRC daemons dont need the stability and speed that comes with being
used on a network like efnet.

> Hence, my Request For Feature is for native SSL/TLS support
> in ircd-ratbox. Something like this older patch under
> http://www.wohmart.com/ircd/pub/ratbox/3-Feature/ssl/ but for the latest
> version, of course. ircd-ratbox already (optionally) uses OpenSSL's
> libcrypto (for the challenge/response functionality), so the next
> obvious step would be use libssl for supporting IRCS anyway ;-)

I think most people are misguided about just what SSL offers.  If you need
conversations to be secure, then there are two main choices.  Either youre
on a public network, or youre on a private network.

A public network is not secure and it never will be, because the server
itself can perform MITM attacks.  If its a private network, access control
isnt a problem, because you need to be restricting who can connect anyway.

To be truly secure, you would need to be sending in a format that the
*server* cannot decrypt - ie, encryption implemented completely client side, 
probably over DCC.  You would also have to be ircing from a machine that you 
know to be secure (ie, no shell box).  Otherwise all youre attempting is to
fix the possibility of MITM attacks rather than making your conversations 
secure.


Personally, I dont see any real benefits to it.  The illusion that IRC can
ever be secure is just that, an illusion.

-- 
-                 Lee H // anfl
-        I code, therefore I break things.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.ratbox.org/pipermail/ircd-ratbox/attachments/20050517/43650270/attachment.pgp


More information about the ircd-ratbox mailing list