Unless someone presents more compelling arguments in favor of the idea, I do not expect to add SSL support to ircu.
On the networking side of things, it does little to protect users from the kind of surveillance you describe: If an adversary is recording metadata, they will get substantively the same data whether the content is encrypted or not. If an adversary is recording all traffic, they can probably find some plaintext stream of the same content from elsewhere in the IRC network -- unless you planned to force all clients to use SSL. On the server capacity side, SSL will also consume a lot of memory for a large network -- each SSL context is much larger than the current per-client budget. That also means an increase in CPU cache thrashing, which means a disproportionate increase in CPU utilization. Because ircu is single-threaded, CPU utilization can still be an issue, especially during a net burst. (You're going to encrypt your server-to-server links too, right? Hopefully using certificates that were distributed out-of-band?) On the administrative side of things, us maintainers would have additional legal obligations to comply with (regarding the export of cryptographic software, even if it is open source that only calls open source libraries to perform the actual cryptographic operations) and it would make ircu illegal in some places. I would suggest using IPsec as an alternative scheme to protect network traffic from eavesdropping, whether it is IRC or any other protocol, or SSL proxy software on the IRC server combined with iauth to "spoof" the true host names back onto a tunneled client. Entrope On Thu, Jul 18, 2013 at 12:51 AM, Laura Steynes <laura.steyne...@gmail.com> wrote: > Hi there, > > Searching Google shows an old but very short thread about SSL on ircu which > did not have any answer, so in light of recent word wide outrage against the > united states govt and its nsa with prism, and uk's gchq's similar program, > I was hoping to revive this feature request with a view to more urgency for > the protection and the privacy of the honest decent citizens which contrary > to usa govt beliefs, are in the vast majority. > > Our network is small, but other ircd's have and have had SSL for some time, > and we would rather not change since we know, like, and trust ircu. > > My question is, do we move? Our committee has decided SSL is the way > forward,so I have ben tasked tgo find out if there is currently work or plan > of work being done on ircu for (both server and client side) SSL? > Or, is there currently no plan or work underway ? > > Thankss > Laura, > (ircu user since 1996) > > > _______________________________________________ > Coder-com mailing list > Coder-com@undernet.org > http://undernet.sbg.org/mailman/listinfo/coder-com > _______________________________________________ Coder-com mailing list Coder-com@undernet.org http://undernet.sbg.org/mailman/listinfo/coder-com
