mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-12-26 05:02:37 +01:00
parent
2f1c84bf64
commit
09b3420b03
52
_posts/2015-04-22-IRC-over-TLS.md
Normal file
@ -0,0 +1,52 @@
---
layout: post
comments: true
title: "IRC over TLS is not pointless"
category: [english]
tags: [english, IRC, SSL, TLS]
---

*IRC over TLS is not pointless unless you only worry about things that you
cannot affect at all. SSL is pointless, because of [POODLE].*

I use IRC over TLS on all networks that support it (=other than IRCnet)
and I also [verify the certificates]. TLS is used

* between my client and bouncer
* when they both are on localhost it's not used and my bouncer only
listens for plain text connections only on `127.0.0.1` and `::1`.
* between my bouncer and IRCd

These are the points that I can affect. I cannot do anything to server
links other than hope that the network operators know what they are doing
and use TLS. I cannot affect whether other users use TLS or not or do they
check the certificates or blindly accept whatever they are offered.

As I use TLS everywhere where I can affect, I can be more sure that
my discussions aren't so easily read on:

* open WLAN
* any router between me and the bouncer
* any router between bouncer and the IRC server

And like everyone else says, you cannot be sure on the server links
or other people on the channels or queries. You can only make sure that
**you** are using TLS.

One example where TLS is very helpful even if you have no idea whether
the other people use SSL is passwords:

* your NickServ password isn't in plain text between you and the IRC
server, but you again cannot know if the IRC server sends it to other
IRC server(s) in plain text that are between the server where you are
connected to and services server.
* your /OPER password in case you are IRC operator. Imagine being on
open WLAN or similar situation and transmitting your password in
plain text and someone else taking that password. What kind of "fun"
things they could do with it?

*Now you can move into reading why [IRC over SSL is pointless]...*

[POODLE]:https://en.wikipedia.org/wiki/POODLE
[verify the certificates]:{% post_url 2015-02-24-znc160-ssl %}
[IRC over SSL is pointless]:https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
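Review bot: the passwords paragraph says "whether the other people use SSL" where the rest of the post means TLS, which clashes with the summary line's "SSL is pointless, because of [POODLE]"; change it to "use TLS". POODLE is an attack on SSL 3.0, so the summary would be more precise as "SSL 3.0 is pointless". In the localhost bullet, "my bouncer only listens for plain text connections only on" repeats "only"; drop one of them. The NickServ bullet is hard to parse at "in plain text that are between the server where you are connected to and services server"; consider rewording it so that "in plain text" sits next to "sends it" and the intermediate servers are named once.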