SASL is "secure, encrypted authentication with the server"

[Mikaela]

SASL (PLAIN (communi/libcommuni#23)) is not any more secure/encrypted than any other way to identify and if you want it to be encrypted, you also use SSL connection and check server certificates (communi doesn't do this as far as I know).

[Venemo]

I don't understand, what exactly is the issue here?

[Mikaela]

That the "Use SASL" checkbox misleadingly calls it as "secure, encrypted authentication with the server". In reality IRC SASL doesn't have encryption (unless you use SSL/TLS) and isn't more secure than any other way to identify to services.

More proper message would be that "SASL automatically identifies you to NickServ before you join channels", which is simplification, but everyone would understand what it does.

[Venemo]

@Mikaela So if I understand correctly, there isn't an actual problem with SASL, just the wording that is on the UI is not clear enough, right?

[Mikaela]

Yes, the only issue is misleading wording.