Items in alt.irc

Subject:Re: WHICH IRC DAEMONS YOU USE AND WHY ?
Date:Fri, 6 Aug 2004 15:11:57 -0700
From:"David Schwartz" <davids@webmaster.com>
Newsgroups:alt.irc

"Remco Rijnders" <remco@webconquest.com> wrote in message 
news:opscbl4yxf32ljov@news.xs4all.nl...

> You must excuse me for asking this... but what is the hot thing about SSL 
> on IRC? You pay a lot of overhead for encrypting conversations in public 
> channels,

    That's not really true. The overhead is so low that a modern computer 
with a 100Mbps network connection can encrypt/decrypt the full 100Mbps 
without a problem. My P3-750 can encrypt/decrypt about 250MB per second 
(megaBYTES).

> where you have no idea who it is that is present.

    Sometimes you do, sometimes you don't. But you may well know who has 
access to your physical network, and you may have secrets from them.

> And then the  logs are stored in plain text at Joe Bobs computer that also 
> has the  newest Gator spyware installed.

    If Joe Bob is an intended recipient, he can do whatever he wants with 
the text he's received. Obviously, you do have to trust the recipients. But 
that's the same with everything.

> Same for encrypting between servers... What is the use?

    There's plenty of use. The server may be on a shared network with 
computers sitting on a shared network segment. The point of encrypted 
between servers is to make sure the users choose the recipients.

    Another point is that the current way most IRCDs establish their 
server-to-server links (bidirectional password authentication with the 
passwords sent in the clear) is seriously deficient in many ways. SSL 
provides the oppurtunity to authenticate in a way that's spoof-proof and 
reliable.

> If you have no  doubts about the security of the two servers on each end, 
> is it really  that realistic to worry about the Cisco routers that are in 
> between?

    Sure. You probably have much more control over your servers than you do 
over the networks between them.

> This is not meant to criticise anyone, but I've never understood why 
> anyone would want it?

    It's been an absolute requirement for many military and government 
applications. It's also been essential in several commercial applications 
that had to meet specific regulatory requirements.

    DS