Re: SSL patch for 2.11 ircd

["Grega" <grega@xxxxxxxxxx>]

>> Why don't you just incooporate it into the IRCnet ircd
>> release, e.g. in 2.11.2.
> a) it is not tested (and should be very heavily, especially s2s)

Of course it needs testing, that's why I've sent it to the list. ;)
And also to wake up this almost dead mailing list.

Friday the 13th seemed like a perfect day for that. :)

> c) SSL is not priority for .2

I agree - it was never planned for something as early as
2.11.2. Patricia is the major thing that needs to be done
in that version.

> b) it was not planned for .2 (fiction popped it out of blue)

Not really out of the blue. I was bugging you with it
all the time on !ircd. :)
I guessed that you will probably want to see the code soon anyways.

> e) it is not clean yet (some remnants of old code, adding Y:line fields
>    without prior consulting (and thus breaking planned patricia), etc.

Well there are two versions of the patch just because of that.
One with anfl's patricia and one without (as it adds a new
Y:line field) and other stuff which could lead to rejects when
patching. Logic: SSL field is always last.

> Besides, clients would very rarely use it (what's the point, if end to end
> is not secure (and on IRC probably will never be)), opers maybe would use
> it, admins probably won't use it, worrying about CPU usage on s2s links...

If clients supported it, one could OPER with a smartcard
instead of password based authentication - that
would be quite useful.

I read about IRC clients supporting CTCPS which would make
end-to-end communication a bit more secure.
But hell even CTCP is just a draft afaik.

Greetings,
Grega "fiction" Pogacnik