client ssl

Jack L. xxjack12xx at doramail.com
Thu Sep 29 22:18:10 EDT 2005


I think clients should be the ones responsible for doing ssl and the server sending plaintext. Every client doing ssl would take much much less cpu than if the server handled it all. Server ssl is not a solution in my opinion.

----- Original Message -----
From: ongeboren <xxx.coder at gmail.com>
To: "General IRCD-Hybrid Discussion" <hybrid at lists.ircd-hybrid.org>
Subject: Re: client ssl
Date: Thu, 29 Sep 2005 23:48:42 +0200

> 
> Client SSL is a good thing for the cases when you don't trust your ISP
> and/or your local traffic inside the ISP can be sniffed. This is the
> only and most important use of client SSL I can think of.
> 
> 
> On 9/29/05, Joan Touzet <joant at ieee.org> wrote:
> > One often overlooked use of client SSL connections is in the context
> > of a private IRC network, such as those run by companies and NGOs.  If
> > you know and trust all of the servers on the network, then client SSL
> > solves the very real problem of how to communicate in a secure
> > fashion, without having to give up the familiarity and pleasure of
> > working in the traditiona IRC paradigm.
> >
> > In other words, client SSL isn't a complete wash.
> >
> > On 9/29/05, nospam at ofloo.org <nospam at ofloo.org> wrote:
> > > I wouldn't link one server in ssl while an other isn't all my servers
> > > are ssl, and the part about rogue administrators .. only counts for the
> > > server of that admin..
> > >
> > > and i don't think that there are to many rogue admins out there like i
> > > would want to log someones info.. wtf am i gone do with it.. i use ssl
> > > for shell providers and so forth, internet provider and then yes it is safe
> > >
> > > Paul-Andrew Joseph Miseiko schreef:
> > >
> > > > There's always been a huge movement against SSL encapsulated IRC
> > > > sessions and it makes perfect sense, the reasons for and against.
> > > > Most people think that SSL encrypted IRC sessions means nobody can
> > > > read there conversations but I'd like to believe most of us on this
> > > > list are intelligent enough to know that is untrue.  At best SSL
> > > > encapsulated IRC sessions provide limited exposure of a conversation.
> > > >
> > > > Which brings me to the point of my email.
> > > >
> > > > It might be wise to inform people that connect to a IRC daemon with
> > > > SSL enabled, as an SSL client, that avenues of exposure still exist;
> > > > such as a a rogue administrator, unencrypted routes between servers,
> > > > and non-SSL enabled targets.
> > > >
> > > > Keeping people educated is always a good thing.
> > > >
> > > > --
> > > >  .-------------------------------------.
> > > > ( Biggest security gap -- an open mouth )
> > > >  `-------------------------------------'
> > > > --
> > > > Paul-Andrew Joseph Miseiko
> > > >
> > > > On Wed, 28 Sep 2005, nospam at ofloo.org wrote:
> > > >
> > > >> i finaly see that hybrid supports clientssl now i wonder why they left
> > > >> out channel mode +S where only ssl clients can join this way there is no
> > > >> real use for ssl except for privmsg
> > > >>
> > >
> > >
> > >
> > >
> >
> >
> 
> 
> --
> Evlogi Petrov - ongeboren at UniBG




                              ~Jack~


-- 
_______________________________________________
Get your free email from www.doramail.com with 30 Megs of disk space in webhosting and e-mail storage!


Powered by Outblaze




More information about the hybrid mailing list