dependenttypes | 5 years ago

IRC has the issue that it lacks end-to-end encryption (and sadly OTR is outdated garbage).

If you use netcat you also do not use TLS; try openssl s_client -connect server:port instead.

snazz|5 years ago

I generally support end-to-end encryption for everything, but I'm not sure that it makes sense in the context of IRC. IRC networks are usually public, so anyone could join your channel and listen in, even with end-to-end encryption. It seems like E2E would make for a lot of complexity and overhead without tangibly increasing the privacy of the users.

Fnoord|5 years ago

Before E2EE was used in IM clients, IRC already had IRC over TLS, and also OTR (which was also used in Gaim/Pidgin).

On IRC, IRC over TLS doesn't have the same threat model as E2EE. With IRC over TLS, the server(s) can read the data in plaintext. With proper E2EE (not the marketing version) that's not the case; only clients can read the data. I'm talking about actual data/content here; not metadata.

oarsinsync|5 years ago

> IRC networks are usually public, so anyone could join your channel and listen in, even with end-to-end encryption.

Yep, and all they'd see is encrypted garbage, unless they have encryption keys, if the messages are end-to-end encrypted. That's the whole point.

There are ways to do this on IRC (e.g. libfish), but no idea how that crypto actually stacks up by today's standards.

dependenttypes|5 years ago

There are private IRC channels (password protected or invite-only) as well as private messages.