Well, from my understanding DALnet's Coding Team is already working on, and has implimented, client-side SSL. It is in testing stages. As for hostmasking, I can see this feature being of use for many of our users. People like to feel secure when using IRC, as let's face it, it does have a bit of a bad name compared to other Chat means for having a lot of "kiddies." So adding this will help allow our users (mainly new users,) to feel a little more safe while on DALnet. I agree with "Option 1." This method should work properly, and limit the chance of abuse. We can not have these hashes change, as it would get annoying having to re-ban users from channels a lot. But then again, it's the same when they change ident@vhost. It's bound to happen sometimes, but for the the most part we should be okay in the general abuse area. As for some saying "if it ain't broke, don't fix it." well, this has been a long time coming. Plenty of networks have successfully used host-masking, and will for years to come. DALnet should also, being an top-5 network, offer this to our users as well. It's about them, and if majority want this, we should provide it. I can't see how adding hostmasking would add more channel evading abuse than already exists, especially with the main option mentioned. If they want to get around it, they will with or with-out hostmasking. So my conclusion is, YES to proposition 101! (Host-masking.) done using hashes. (user-2500.dal.exampleISP.com) [ Irvine E. ] [ prez - prez@dal.net ] [ rapport.ix.us.dal.net ] [ Global Operator - Services Administrator ] [ Web Team Member ] BEGIN REPLY-TO MESSAGE: - - - - - - - - - - - -
DALnet has successfully done no hostmasking for over a decade, so if it ain't broke, don't fix it, in my opinion. Client side ssl, though, I feel is a reasonable enhancement request. What with more places offering wifi, and internet options on the go these days, I feel a more secure client to server communication is higher priority than hostmask offerings.
On Tue, Oct 13, 2009 at 8:33 PM, Michael Reynolds < michael.reynolds@gmail.com> wrote:
On Tue, Oct 13, 2009 at 7:55 PM, Vin King <vin.king@gmail.com> wrote:
Personally, I don't think DALnet needs masking. I see plenty of room for abuse, and inability to properly ban things, especially if each server is independently hashing a hostmask.
BUT, if we WERE to mask, I'd go with a static hash of the address shared among servers. Connecting server hashes it, passes it as the hostmask to all other servers. Helps prevent abuse. Nick based masks hold plenty of room for abuse.
Considering DALnet's rate of growth over the past few years, and the fact that there are thousands upon thousands of networks that have successfully done hostmasking for close to a decade, I'd have to wonder why DALnet would not want to implement this feature.
For that matter, let's throw in client SSL. I don't want to hear the excuse that it uses too much load. A Gentoo box powered by a Dell 2950 with an Intel PT 1000 can handle over 100 million SSL connection setups and takedowns in a day, with a load average of 0, and this is without hardware acceleration. _______________________________________________ DALnet-src mailing list DALnet-src@lists.dal.net https://lists.dal.net/mailman/listinfo/dalnet-src
_______________________________________________ DALnet-src mailing list DALnet-src@lists.dal.net https://lists.dal.net/mailman/listinfo/dalnet-src