Well James, The purpose of +S is to ensure all users in that channel (Channel that is +S) are connected via SSL. Each individual user, must be umode +S (SSL) in order to join. Thus, making sure ALL users are encrypted. As, if even just one user in a channel is not connected via SSL, then the purpose of SSL becomes fairly moot to begin with. Since, all of your data sent (even if you are connected via SSL) is plain text to that persons machine, thus making it non-encrypted at that point anyways. So, what he is wanting is a way to ensure that all users encrypted, so at no point (atleast no point of a users end), is the data non-encrypted. It is used on other networks, although, I can't recall which ones off hand. [ Irvine A. Eatmon ] [ prez - prez@dal.net ] [ rapport.ix.us.dal.net ] [ Global Operator - Services Administrator ] [ Web Team Member ]
It seems like a really a bad idea to introduce any new modes that /INVITE cannot override, as it introduces new poorly-understood methods that can be used by a channel hijacker/taker-overer.
What is the point of this +S mode, who would we expect to use it, how many users would actually want to use it immediately, and what would we expect to accomplish with it?
Can you guarantee that all IRC servers perform SSL/TLS encryption of all traffic between servers, and no non-SSL-connected IRC server is capable of JOINing a user to the channel or effecting it in any manner so as to alter settings or receive traffic from the channel?
Can you guarantee a user hasn't telnetted into a server and run an IRC client from it?
It seems like end-to-end encryption is a guarantee we can never make even at an IRC protocol level (without considering the multitude of ways a session can seem to be encrypted but be totally insecure), so trying to imply "mode +S" should make an assertion like that, is like IRCD trying to make a false promise....
3) Invites should NOT over-ride +S and if for any reason someone non-ssl joins, S mode should be removed by the server. -- -J
DALnet-src mailing list DALnet-src@lists.dal.net https://lists.dal.net/mailman/listinfo/dalnet-src