A lot of people will say that hey, that’s not a problem, it’s better than plaintext.
We don’t agree, and feel that the false sense of security SSL provides is worse than no SSL at all.
This argument proves too much. It also would say that shoppers should not care if websites use SSL because maybe the merchant doesn’t use SSL properly to talk to their bank.
In reality, encrypting at least some of the links in the chain of communication provides cheap, reliable protection against easy eavesdropping attacks (coffee shop wifi, snooping employer, Comcast). That it does not protect every link against every attack (especially the pernicious “low-knowledge user ignores security errors” example it hangs on) doesn’t mean that a binary “security” property has been permanently lost. This is not even 90s-level security thinking.
It’s the classic, “There’s a weak link in the chain – look! It’s made out of plastic!”, “Yes, therefore, we should now only make chains out of cheap plastic.” fallacy.
Why is that a fallacy? If there must be a plastic link in the chain and a chain is only as strong as the weakest link, can’t we save money on materials and just make the whole chain out of plastic?
The fallacy is that you should replace the weak link, not the whole chain. Yes, a weak SSL link is dangerous, but the claim that it’s worse to have it w/ a weak link then to have it at all is fallacious – the right answer is to ensure that the weak link is replaced.
I guess, the missing ingredient in my analogy is “Imagine the chain is very long, and the cost of replacing a single link is much cheaper than replacing the whole chain”, because ultimately – it is. The right way to solve the problem isn’t to throw away SSL secured steps, but to instead make good SSL security easy to implement.
I suppose it’s better to say it’s an Opportunity Cost fail than a proper fallacy, but the line of thinking does seem, at least, a little faulty.
Won’t this have exactly the same problems that email has? “My link to the server may be encrypted, but from that point on it is anyones guess? The only way to fix that is either using email and irc is either forcing encryption with a minimum standard like TLS… or switching to a distributed protocol so you can talk directly to the recipient and it is up to you and the recipient to agree on security.
This argument proves too much. It also would say that shoppers should not care if websites use SSL because maybe the merchant doesn’t use SSL properly to talk to their bank.
In reality, encrypting at least some of the links in the chain of communication provides cheap, reliable protection against easy eavesdropping attacks (coffee shop wifi, snooping employer, Comcast). That it does not protect every link against every attack (especially the pernicious “low-knowledge user ignores security errors” example it hangs on) doesn’t mean that a binary “security” property has been permanently lost. This is not even 90s-level security thinking.
It’s the classic, “There’s a weak link in the chain – look! It’s made out of plastic!”, “Yes, therefore, we should now only make chains out of cheap plastic.” fallacy.
Why is that a fallacy? If there must be a plastic link in the chain and a chain is only as strong as the weakest link, can’t we save money on materials and just make the whole chain out of plastic?
The fallacy is that you should replace the weak link, not the whole chain. Yes, a weak SSL link is dangerous, but the claim that it’s worse to have it w/ a weak link then to have it at all is fallacious – the right answer is to ensure that the weak link is replaced.
I guess, the missing ingredient in my analogy is “Imagine the chain is very long, and the cost of replacing a single link is much cheaper than replacing the whole chain”, because ultimately – it is. The right way to solve the problem isn’t to throw away SSL secured steps, but to instead make good SSL security easy to implement.
I suppose it’s better to say it’s an Opportunity Cost fail than a proper fallacy, but the line of thinking does seem, at least, a little faulty.
So, how do you fix SSL for IRC this way? You can’t force clients to unilaterally reject invalid SSL certs.
I could be wrong but I think it would also provide some protection from someone injecting fake data into your stream?
Define “stream.” Someone cant send stuff on behalf of me. But I will still see a compromised Bob’s messages.
Your own TCP stream, as in someone doing things on your behalf
Won’t this have exactly the same problems that email has? “My link to the server may be encrypted, but from that point on it is anyones guess? The only way to fix that is either using email and irc is either forcing encryption with a minimum standard like TLS… or switching to a distributed protocol so you can talk directly to the recipient and it is up to you and the recipient to agree on security.