
Re: STARTTLS and ircd



On Tue, Feb 15, 2000 at 09:12:52PM +0100, Thomas Kuiper wrote:
> On Tue, 15 Feb 2000, Greg Budai wrote:
> 
> > On Tue, 15 Feb 2000, Thomas Kuiper wrote:
> > 
> > > I write an SSL extension for the ircd using OpenSSL (which is the most
> > > portable and most used SSL library afaik). It's supposed to be in
> > > /contrib, since it's using a non-standard library. It's also going to
> > > be an IETF-Draft, so here is a quick overview for you of what it does:
> > 
> > That's a pretty good idea IMHO. No fear about stealing the /oper password
> > with sniffing packets from now :)
> 
> that was the main idea about it :) server<->server doesn't make much sense
> imho since they already can use "kinda secure" zip links

The zip links start *AFTER* PASS and SERVER have been sent by both
servers, and they agree on using it. It's a parameter in the PASS message.

It should at least allow the negotiation before anything else, which is
then how you would do it properly for servers.

It should always be optional to use it, and I think it could be helpful
not to use it all the time, but only for the time you do the
authentication, because it will otherwise waste some resources for nothing.

But I think this should be discussed on the new mailing list.


Q