mirror of
https://github.com/mikaela/mikaela.github.io/
synced 2024-12-28 14:22:42 +01:00
---
layout: post
comments: true
title: "IRC over TLS is not pointless"
category: [english]
tags: [english, IRC, SSL, TLS]
redirect_from:
  - /irctls/
  - /ircssl/
  - /english/2015/04/22/IRC-over-TLS.html
sitemap: true
robots: noai
---

_IRC over TLS is not pointless unless you only worry about things that you
cannot affect at all. SSL is pointless, because of [POODLE]._

I use IRC over TLS on all networks that support it (=other than IRCnet) and I
also [verify the certificates]. TLS is used

_Update on 2015-06-18: I was told that IRCnet does have SSL on
ssl.irc.atw-inter.net and ssl.rfc1459.ca, but server links are mostly
unencrypted. I am not able to use those though, as Finnish channels are mostly
stupid and only let people in from Finnish servers._

- between my client and bouncer
  - when they both are on localhost it's not used and my bouncer listens
    for plain text connections only on `127.0.0.1` and `::1`.
- between my bouncer and IRCd

These are the points that I can affect. I cannot do anything about server links
other than hope that the network operators know what they are doing and use TLS.
I cannot affect whether other users use TLS or not, or whether they check the
certificates or blindly accept whatever they are offered.

As I use TLS everywhere I can affect, I can be more sure that my
discussions aren't so easily read on:

- open WLAN
- any router between me and the bouncer
- any router between bouncer and the IRC server

And like everyone else says, you cannot be sure about the server links or other
people on the channels or queries. You can only make sure that **you** are using
TLS.

One example where TLS is very helpful even if you have no idea whether the other
people use SSL is passwords:

- your NickServ password isn't in plain text between you and the IRC server, but
  you again cannot know if the IRC server sends it in plain text to other IRC
  server(s) that are between the server you are connected to and the services
  server.
- your /OPER password in case you are an IRC operator. Imagine being on open WLAN
  or a similar situation and transmitting your password in plain text and someone
  else taking that password. What kind of "fun" things could they do with it?
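
The two hops described above (client to bouncer, bouncer to IRCd) can be checked mechanically. The following is an added example, not code from the original post or from any bouncer project: the listener tuple format, the function names and the default port 6697 are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import socket
import ssl


def plaintext_listener_ok(bind_addr: str) -> bool:
    """A non-TLS listener is acceptable only on a loopback address."""
    try:
        return ipaddress.ip_address(bind_addr).is_loopback
    except ValueError:
        return False  # hostnames and wildcards such as "*" are rejected


def audit_listeners(listeners):
    """Return (addr, port) of listeners that would carry plain text off-host.

    `listeners` is a hypothetical list of (bind_addr, port, uses_tls) tuples.
    """
    return [(a, p) for a, p, tls in listeners
            if not tls and not plaintext_listener_ok(a)]


def strict_irc_tls_context() -> ssl.SSLContext:
    """Verify chain and hostname; never negotiate SSLv3 or early TLS."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def cert_pin_matches(der_cert: bytes, pinned_sha256_hex: str) -> bool:
    """Compare the SHA-256 of the server's DER certificate with a stored pin."""
    want = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(hashlib.sha256(der_cert).hexdigest(), want)


def open_irc_tls(host: str, port: int = 6697, pinned_sha256_hex: str = ""):
    """Return a verified TLS socket, or raise before any password is sent."""
    raw = socket.create_connection((host, port), timeout=15)
    try:
        tls = strict_irc_tls_context().wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
    if pinned_sha256_hex and not cert_pin_matches(
            tls.getpeercert(binary_form=True), pinned_sha256_hex):
        tls.close()
        raise ssl.SSLError("server certificate does not match the stored pin")
    return tls
```

Because `open_irc_tls` raises on any verification failure, a NickServ or /OPER password is only ever written to a socket whose certificate was checked.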

_Now you can move into reading why [IRC over SSL is pointless],
[web.archive.org]..._

[poodle]: https://en.wikipedia.org/wiki/POODLE
[verify the certificates]: {% post_url blog/2015-02-24-znc160-ssl %}
[IRC over SSL is pointless]: https://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless
[web.archive.org]: https://web.archive.org/web/20130425123002/http://www.quakenet.org/articles/99-trust-is-not-transitive-or-why-irc-over-ssl-is-pointless

## Addition: who is interested in my traffic?

- Finland - Security Police & Defence Forces
  - Currently a law allowing the Security Police and the Defence Forces to do
    network monitoring without limitations is going to pass in the parliament.
- Sweden - National Defence Radio Establishment & Security Police & Police
  - Sweden has monitored all traffic going through them since 2008 and most of
    Finnish traffic goes through them.
    - 2015-04-23
      https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Legal_framework
    - 2015-04-23
      https://en.wikipedia.org/w/index.php?title=National_Defence_Radio_Establishment&oldid=651267187#Mass_surveillance
    - 2015-04-23 (in Finnish)
      https://www.hackingthroughcomplexity.fi/2013/10/ruotsin-verkkovalvonta-latakon.html
      / https://archive.is/iYrsl
- UK - GCHQ
  - Cooperating with Sweden
    - 2015-04-23
      https://en.wikipedia.org/w/index.php?title=Government_Communications_Headquarters&oldid=656835589#2000s:_Coping_with_the_Internet
- USA - NSA
  - Cooperating with Sweden
    - 2015-04-23
      https://en.wikipedia.org/w/index.php?title=Global_surveillance_disclosures_(2013%E2%80%93present)&oldid=655974095
- Many others? :(