View Issue Details

ID: 0006314
Project: unrealircd
Category:
View Status: public
Last Update: 2023-07-23 19:33
Reporter: user7720
Assigned To:
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Summary: 0006314: Support passing cert fingerprints via a WebIRC Gateway
Description: The WebIRC protocol allows the gateway to send the certificate fingerprint hash to the IRCd so the user can log in. If implemented, oper blocks should NOT be allowed to oper up when using a WebIRC gateway. It would also be recommended to hide the certfp output on WHOIS, which appears to be a supported option already.
Tags: No tags attached.
3rd party modules

Activities

syzop

2023-07-23 18:47

administrator   ~0022972

Last edited: 2023-07-23 19:33

Hiding fingerprints is just security by obscurity. We are talking about public certificates / public fingerprints here, they are never meant to be secret. As I told you on IRC, in TLSv1.2 and earlier they even travel unencrypted over the wire.

More to the point, do you have an actual use case for this? I have only heard theoretical ones (I know of exactly 1), but for like webchats this feature makes no sense: think about it, the user connects with a browser to a certain machine, which then uses WEBIRC to communicate to UnrealIRCd. Where does the user provide his certificate? Not via their browser, I can tell you that, nobody does that.
And for other software, like long-standing connections like from a BNC, it is just like IRCCloud, they don't use WEBIRC at all, they are just long-standing / persistent connections.

Issue History

Date Modified Username Field Change
2023-07-17 05:33 user7720 New Issue
2023-07-23 18:47 syzop Note Added: 0022972
2023-07-23 18:47 syzop Note Edited: 0022972
2023-07-23 19:33 syzop Note Edited: 0022972