[ircd-ratbox] Request For Feature: IRCS (IRC-over-SSL)

Paul-Andrew Joseph Miseiko esoteric at teardrop.ca
Tue May 17 11:52:17 EDT 2005


Do you use telnet instead of SSH?  If you truly believe what you wrote 
below then I imagine you do... since SSH suffers the same fates that SSL 
incurs on a public network.

--
  .-------------------------------------.
( Biggest security gap -- an open mouth )
  `-------------------------------------'
--
Paul-Andrew Joseph Miseiko

On Tue, 17 May 2005, Lee H wrote:

> On Tue, May 17, 2005 at 01:22:19PM +0200, Ralf S. Engelschall wrote:
>> On irc.openpkg.net we are using the IRCS (IRC-over-SSL) protocol
>> (only). Unfortunately, ircd-ratbox currently still does not support
>> IRCS natively while other IRC daemons (e.g. Unreal, etc) already do.
>> Hence, we are using STunnel in front of ircd-ratbox. This works fine and
>> without any problems.
>
> Other IRC daemons don't need the stability and speed that comes with being
> used on a network like EFnet.
>
>> Hence, my Request For Feature is for native SSL/TLS support
>> in ircd-ratbox. Something like this older patch under
>> http://www.wohmart.com/ircd/pub/ratbox/3-Feature/ssl/ but for the latest
>> version, of course. ircd-ratbox already (optionally) uses OpenSSL's
>> libcrypto (for the challenge/response functionality), so the next
>> obvious step would be to use libssl for supporting IRCS anyway ;-)
>
> I think most people are misguided about just what SSL offers.  If you need
> conversations to be secure, then there are two main choices.  Either you're
> on a public network, or you're on a private network.
>
> A public network is not secure and it never will be, because the server
> itself can perform MITM attacks.  If it's a private network, access control
> isn't a problem, because you need to be restricting who can connect anyway.
>
> To be truly secure, you would need to be sending in a format that the
> *server* cannot decrypt - i.e., encryption implemented completely client side,
> probably over DCC.  You would also have to be ircing from a machine that you
> know to be secure (i.e., no shell box).  Otherwise all you're attempting is to
> fix the possibility of MITM attacks rather than making your conversations
> secure.
>
>
> Personally, I don't see any real benefits to it.  The illusion that IRC can
> ever be secure is just that, an illusion.
>
> -- 
> -                 Lee H // anfl
> -        I code, therefore I break things.
>

