Comments (4)

SadieCat commented on June 20, 2024

This is probably more appropriate for Modern IRC's draft CTCP RFC than IRCv3. That said, we should really be pushing to obsolete plaintext IRC. There's just no reason to not use TLS in 2022.

In InspIRCd v4 I have made it mandatory to build with at least one TLS module and TLS will be required to link non-local servers. I'm also considering making it so TLS is required by default for logging into a server operator account. I'd recommend that other server devs do something similar.

Client developers can also move towards TLS as the default by making it so connecting with TLS is the default behaviour (i.e. require -insecure for plaintext instead of -ssl for TLS).

from ircv3-specifications.

dgl commented on June 20, 2024

Note I disclosed this in advance to libera.chat and they have implemented network side filtering, so it's worth mentioning it is possible to filter this at the server side too.


slingamn commented on June 20, 2024

Very cool result, thanks :-)

> I have put a recommendation for client authors that they should consider dropping "^A" within PING responses.

What octet(s) is this?


grawity commented on June 20, 2024

lol it's the linksys bug all over again

> > I have put a recommendation for client authors that they should consider dropping "^A" within PING responses.
>
> What octet(s) is this?

It's the same 0x01 that begins/terminates a CTCP message, except apparently in this case it shows up in the middle of a response (where Linux mistakenly picks it up as the beginning of a real "DCC" CTCP).

(So you have to be careful to not over-filter it as the 1st or last octet of a message, because that'd break CTCP in general.)

> (I don't believe IRCv3 has really considered DCC, one interesting point is many clients implement DCC, but don't necessarily implement encryption for it, so it might be interesting to consider specifying a warning when establishing a plaintext DCC session if the connection to the IRC server itself is encrypted.)

So why is TLS not a thing for DCC yet? Several other systems are successfully using TLS-PSK to bootstrap a new (D)TLS connection without needing certificates on either side – but just generating a cert on the fly and including its fingerprint in the CTCP request would probably work as well (there are again systems which do that, I believe I've seen it in WebRTC).

I mean, client-side warnings are mostly outside of what IRCv3 does, but specifying a new DCC-TLS protocol would work.

from ircv3-specifications.
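
The filtering rule discussed in this thread, as an added example that is not part of any comment and not taken from any IRC client or server: PING/PONG parameters lose every 0x01, while a PRIVMSG/NOTICE body keeps it only as its first or last octet so CTCP framing survives. The function names, the sample lines and the choice to also filter the interior of PRIVMSG/NOTICE bodies are assumptions of this sketch.

```python
CTCP_DELIM = b"\x01"  # the "^A" octet that begins/terminates a CTCP message


def split_line(line: bytes):
    """Split a raw IRC line (CRLF removed) into (head, command, params, trailing)."""
    head, rest = b"", line
    for marker in (b"@", b":"):  # optional message tags, then optional prefix
        if rest.startswith(marker):
            token, _, rest = rest.partition(b" ")
            head += token + b" "
    middle, sep, trailing = rest.partition(b" :")
    command, _, params = middle.partition(b" ")
    return head, command, params, (trailing if sep else None)


def keep_delimiters_only(body: bytes) -> bytes:
    """Drop 0x01 inside a body but keep it as the first or last octet (CTCP framing)."""
    if len(body) < 2:
        return body
    return body[:1] + body[1:-1].replace(CTCP_DELIM, b"") + body[-1:]


def sanitize(line: bytes) -> bytes:
    """Return the line with 0x01 removed wherever it is not CTCP framing."""
    head, command, params, trailing = split_line(line)
    verb = command.upper()
    if verb in (b"PING", b"PONG"):
        # CTCP travels in PRIVMSG/NOTICE, so a 0x01 here is never framing: drop all.
        params = params.replace(CTCP_DELIM, b"")
        if trailing is not None:
            trailing = trailing.replace(CTCP_DELIM, b"")
    elif verb in (b"PRIVMSG", b"NOTICE") and trailing is not None:
        # Assumption of this example: embedded 0x01 is dropped here as well.
        trailing = keep_delimiters_only(trailing)
    out = head + command
    if params:
        out += b" " + params
    if trailing is not None:
        out += b" :" + trailing
    return out


if __name__ == "__main__":
    # Constructed sample lines, not captured traffic.
    for sample in (b"PONG irc.example.test :abc\x01constructed\x01def",
                   b":nick!u@h PRIVMSG #chan :\x01ACTION waves\x01"):
        print(sanitize(sample))
```

The same function can sit on either side of the connection: in a client before it echoes a PING token back, or in a server-side filter before a line is relayed.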
