[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Proposal: the 'token' solution - Informal part
- To: "Mario 'BitKoenig' Holbe" <Mario.Holbe@xxxxxxxxxxxxxxxx>
- Subject: Re: Proposal: the 'token' solution - Informal part
- From: jazz@xxxxxxxxxx (Lars Chr. Hausmann)
- Date: 18 Feb 2000 21:16:35 +0100
- Cc: ircd-users@xxxxxxx
- Delivered-to: ircd-users-out@irc.org
- Delivered-to: ircd-users@irc.org
- In-reply-to: "Mario 'BitKoenig' Holbe"'s message of "Fri, 18 Feb 2000 21:01:05 +0100"
- References: <20000218210105.C633@rubens>
- User-agent: Gnus/5.0802 (Gnus v5.8.2) Emacs/20.5
>>>>> "Mario" == Mario 'BitKoenig' Holbe <Mario.Holbe@xxxxxxxxxxxxxxxx> writes:
Mario> Hi, since Helmut 'delta' Springer - *.de BIC representant -
Mario> seems to got lost somehow, I need to release the proposal at
Mario> myself acting as part of *.de opers to keep my own deadlines :)
Mario> We all know about existing problems on IRCNet, so I don't need
Mario> to describe them here.
Mario> Viewing at this problems, 11 german IRC Operators met at
Mario> 02/12/2000 to discuss the problems, interferences and possible
Mario> solutions.
Mario> Here is one of them to discuss it in public.
Mario> We think that the network should work mostly without manual
Mario> interference of opers or services. This way there's neither an
Mario> easy way to manipulate things nor a personal responsibility of
Mario> the admin.
Agreed - but it should be a possibility I think.
Mario> One of our big problems at the moment are attacks against users
Mario> to disconnect them and make them loose their state (states
Mario> interesting in here are channel related states - voice, chanop,
Mario> ...). We know, there are other ones, but we need to solve
Mario> some, not only one and we need to solve them fast and this
Mario> solution ist a fast to establish one, so we concentrate on this
Mario> for the first.
Mario> The well known solution for this problem will be some kind of
Mario> persistent channel registry, which we (IRCNet) refuse for
Mario> serveral reasons (privacy, admin power, admin responsibility,
Mario> channel ownership, distributed database, religion ,).
Mario> Another solution to this problem might be an 'on the fly
Mario> channel registry' which allows user to regain his status on
Mario> reconnect after a 'bad' (collision, ping timeout, ...) signoff
Mario> for a short time. This solution has the advantage of neither
Mario> establish a structure to own or control channels nor to store
Mario> really persistent data.
Mario> We call this solution a 'token' (we're not calling it 'Cookie'
Mario> for obvious reasons). This token will be assigned to a client
Mario> and saves it's state, if it disconnects for some unusual reason
Mario> (everything except QUIT, Oper KILL, ?) and lives for a short
Mario> time (15 minutes?). If the user comes back and requests the
Mario> token, it will restore the client state on the channels the
Mario> client was before and is now (server MODE changes). The token
Mario> has to be safe against guessing and DoS. The token will be
Mario> only local to the server, it has not to be distributed to other
Mario> servers, so no new server-to- server communication has to be
Mario> established. The token solution gives no 100% solution for the
Mario> takeover problem - at least not for #channels and netsplits,
Mario> but it does for !channels and we loose nothing for #channels,
Mario> we'll win a bit for them but not 100%.
I think it sounds good - maybe make the time a bit longer 30 minutes,
maybe even an hour.
Mario> Implementation details, DoS and abuse concerns will be
Mario> discussed at ircd-dev@xxxxxxxx
Mario> We don't want to do this as just another ugly patch, we want to
Mario> establish it in the ircd upstream code and release it as new
Mario> ircd version.
Mario> Therefor this mail (thread) should establish an informal
Mario> discussion about that solution and should help to find out, if
Mario> such a solution will be accepted and used or not by a majority
Mario> of IRCNet admins.
I like the idea, and I find it a nice way to solve some of the
problems. Futhermore I find the solution useable on IRCnet.
[snip time schedule]
Mario> We'd be glad, if we could reduce the time for the whole stuff
Mario> of course :)
Mario> I put up a website containing delta's first proposal released
Mario> to Beeth, this informational proposal and the technical
Mario> proposal at https://irc.tu-ilmenau.de/token/ and I'll try to
Mario> keep it up to date with every new information concering the
Mario> token solution.
Mario> Now it's yours, what's your opinion about it?
As I said, I like the idea.
Regards,
Lars Chr. Hausmann
SunSITE.auc.dk