[Konversation-devel] DCC SSL support
Bernd Buschinski
b.buschinski at googlemail.com
Sun Dec 16 22:29:51 UTC 2012
Hello,
As I am kinda stuck with dcc schat...
I feel like writing some text.
I have some problems... the first is the kvirc default cipher, ADH.
By default kvirc uses a ssl ADH cipher, which Qt blocks, but even worse by
default openssl disables them too.
ADH cipher allow MiTM attacks which, I was told, is basically as good as
nothing -> normal dcc chat.
So there wont be a konv<->kvirc "default" dcc schat possible, only possible
bugreports about that not working.
Also I couldn't find a way to use KTcpSocket in a SslServer scenario.
As the only good way is to use
QTcpSocket::incomingConnection(int socketDescriptor);
and use that to create QSslSockets.
That means konv must have its own gui to setup certificates and keys and
client certs.
Now... as you think about it... dcc is a peer-to-peer connection.
Without a on-the-fly setupless dcc schat the whole thing gets pretty
complicated for the user.
If you always just chat with the same person, and you are always the
initiator, its ok. But otherwise you have to generate a whole lot of
server&client certificates.
Also should konv remember the certs setting per user?
NOTE: as there is also "reverse" dcc schat the thing gets even more confusing
for the user
I just feel like the whole stuff gets way to complicated for the user.
OTR might be more suited for this, but no clue how secure that really is, or
if there is any irc client that supports it.
If you still think dcc schat is really useful... tell me, and I will maybe
believe you.
More information about the Konversation-devel
mailing list