Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for SASL certificate authentications #191

Open
fogti opened this issue May 3, 2020 · 1 comment
Open

Add support for SASL certificate authentications #191

fogti opened this issue May 3, 2020 · 1 comment
Labels
feature request

Comments

@fogti
Copy link
Contributor

fogti commented May 3, 2020

Currently, there seems to be no way to use certificates (e.g. SASL ECDSA-NIST256P) to authenticate. Some servers seem to support it (e.g. hackint). This should be probably possible by leveraging existing Rust crypto libraries.
@trevarj
Copy link
Contributor

trevarj commented Nov 14, 2021
edited
Loading

I am proposing that we close this and only implement #196 (for now) because,

  1. SASL ECDSA-NIST256P is not widely used or supported by many other clients (weechat and irssi only?) and may be phased out in favor for better crypto (see saslserv/ecdsa-nist256p-challenge misuses openssl's ECDSA_verify() by not hashing the challenge atheme/atheme#684 (comment))
  2. It's a huge pain to implement nicely*

*The reason why it is a pain is because the way IRC servers implemented the protocol, namely by issuing a challenge and expecting an answer that is the signed challenge without being hashed first -- something that RustCrypto libraries do not support easily (can do it with really disgusting code), meaning we would have to use and require OpenSSL.

trevarj added a commit to trevarj/tiny that referenced this issue Nov 14, 2021
@trevarj
SASL ECDSA in not working state
d7466a1 
Cannot implement nicely due to IRC server implementation not requiring
challenge to be hashed. See osa1#191 comment for details.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
feature request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@osa1 @fogti @trevarj