ircv3-ideas icon indicating copy to clipboard operation
ircv3-ideas copied to clipboard

Published 20 hours ago verified publisher icon ircv3

Alternatives to WebPKI

Open NetworkJack2 opened this issue 6 years ago • 3 comments

The Web PKI is great because it comes default with everything. Its not so great because it has quite a few known weaknesses. In addition it only works on the public internet. It's pretty useless on TOR(yes, I know you can get a .onion signed), I2P, VPNs, and LANs

idea:

Optional spec for clients to add certificates per server at config time. This solves the use case of a private server on a private network such as a VPN or LAN.

NetworkJack2 avatar Jul 09 '19 08:07 NetworkJack2

This is very on the edge of "out of scope" for IRCv3. There's no capability, no stuff changed for the protocol itself. I think this would probably be better for something like ircdocs and (self-promo) ircdocs/best-practices where this client UX could be standardized.

RyanSquared avatar Jul 09 '19 08:07 RyanSquared

Client UI design seems pretty out of scope for IRCv3.

Also, if you're on a private server that isn't internet accessible you can make your own CA and provide root certs for your users to install (or install them automatically if you control the hardware).

SadieCat avatar Jul 09 '19 08:07 SadieCat

I agree that this is out of scope. On a technical note, though, Tor and I2P have network-layer security already; it'd seem redundant to specify a way to use certs on top.

edk0 avatar Jul 09 '19 08:07 edk0