[ircd-ratbox] Request For Feature: IRCS (IRC-over-SSL)

Lee H lee at leeh.co.uk
Tue May 17 14:54:54 EDT 2005

On Tue, May 17, 2005 at 03:34:29PM +0200, Ralf S. Engelschall wrote:
> What if you're running a private stand-alone IRC server on a public
> network as we do?

If your data needs to be secure its distribution needs to be as small as
possible, ideally not even going outside of the private server.  In which
case, access control is fine.

My original point still stands though, if your messages need to be secure,
you need to be using something the server can't decrypt.

> Fully agreed. For full security nobody ever should consider IRC. But
> just because full security is not possible on IRC shouldn't have to mean
> no security is considered at all, shouldn't it?

I think you're grossly overestimating just how much security ssl on irc

> IMHO sending authentication credentials in plaintext over a public
> network is (from a security point of view) equal to not requiring any
> authentication credentials at all.

Mounting a MITM attack is hardly trivial, it's certainly a potential problem
but it's by no means a major one.  It's a far bigger concern that the machine
where the ircd runs is secure -- on a public network, your hopes of ensuring
that are laughable.

Long gone are the days when irc was just about chatting to people..

> Or to be somewhat heretic this topic: IRCd-Ratbox is for mainly large
> public networks, its companion Ratbox Services is for IRCd-Ratbox
> (only), Ratbox Services provides UserServ, and UserServ provides no way
> to allow the authentication passwords to be transmitted not in plaintext
> over a large public network. So, why UserServ at all? ;-)

If I were you, I'd be more concerned about social engineering, and whether
the user's own machine is secure.  You're going to have more problems with
that than you ever will with MITM attacks.

I personally don't want ssl anywhere near ircd (and you won't convince me
otherwise).  The decision will more than likely rest on whether aaron wants
to maintain it or not, because I won't be touching it. :)

-                 Lee H // anfl
-        I code, therefore I break things.
