tiny icon indicating copy to clipboard operation
tiny copied to clipboard
verified publisher icon osa1

Add support for SASL certificate authentications

Open fogti opened this issue 5 years ago • 1 comments

Currently, there seems to be no way to use certificates (e.g. SASL ECDSA-NIST256P) to authenticate. Some servers seem to support it (e.g. hackint). This should be probably possible by leveraging existing Rust crypto libraries.

fogti avatar May 03 '20 20:05 fogti

I am proposing that we close this and only implement #196 (for now) because,

  1. SASL ECDSA-NIST256P is not widely used or supported by many other clients (weechat and irssi only?) and may be phased out in favor for better crypto (see https://github.com/atheme/atheme/issues/684#issuecomment-568967597)
  2. It's a huge pain to implement nicely*

*The reason why it is a pain is because the way IRC servers implemented the protocol, namely by issuing a challenge and expecting an answer that is the signed challenge without being hashed first -- something that RustCrypto libraries do not support easily (can do it with really disgusting code), meaning we would have to use and require OpenSSL.

trevarj avatar Nov 14 '21 08:11 trevarj