client ssl
Paul-Andrew Joseph Miseiko
esoteric at teardrop.ca
Sat Oct 1 22:02:19 EDT 2005
That's what SILC is for. ;)
--
.-------------------------------------.
( Biggest security gap -- an open mouth )
`-------------------------------------'
--
Paul-Andrew Joseph Miseiko
On Thu, 29 Sep 2005, Joan Touzet wrote:
> One often overlooked use of client SSL connections is in the context
> of a private IRC network, such as those run by companies and NGOs. If
> you know and trust all of the servers on the network, then client SSL
> solves the very real problem of how to communicate in a secure
> fashion, without having to give up the familiarity and pleasure of
> working in the traditiona IRC paradigm.
>
> In other words, client SSL isn't a complete wash.
>
> On 9/29/05, nospam at ofloo.org <nospam at ofloo.org> wrote:
>> I wouldn't link one server in ssl while an other isn't all my servers
>> are ssl, and the part about rogue administrators .. only counts for the
>> server of that admin..
>>
>> and i don't think that there are to many rogue admins out there like i
>> would want to log someones info.. wtf am i gone do with it.. i use ssl
>> for shell providers and so forth, internet provider and then yes it is safe
>>
>> Paul-Andrew Joseph Miseiko schreef:
>>
>>> There's always been a huge movement against SSL encapsulated IRC
>>> sessions and it makes perfect sense, the reasons for and against.
>>> Most people think that SSL encrypted IRC sessions means nobody can
>>> read there conversations but I'd like to believe most of us on this
>>> list are intelligent enough to know that is untrue. At best SSL
>>> encapsulated IRC sessions provide limited exposure of a conversation.
>>>
>>> Which brings me to the point of my email.
>>>
>>> It might be wise to inform people that connect to a IRC daemon with
>>> SSL enabled, as an SSL client, that avenues of exposure still exist;
>>> such as a a rogue administrator, unencrypted routes between servers,
>>> and non-SSL enabled targets.
>>>
>>> Keeping people educated is always a good thing.
>>>
>>> --
>>> .-------------------------------------.
>>> ( Biggest security gap -- an open mouth )
>>> `-------------------------------------'
>>> --
>>> Paul-Andrew Joseph Miseiko
>>>
>>> On Wed, 28 Sep 2005, nospam at ofloo.org wrote:
>>>
>>>> i finaly see that hybrid supports clientssl now i wonder why they left
>>>> out channel mode +S where only ssl clients can join this way there is no
>>>> real use for ssl except for privmsg
>>>>
>>
>>
>>
>>
>
>
More information about the hybrid
mailing list