add TLS encryption
Houkime opened this issue · 0 comments
Houkime commented
Is your feature request related to a problem? Please describe.
It seems like connection to Luminari on 4100 is not encrypted. Meaning credentials can be sniffed out because they are sent in cleartext.
Describe the solution you'd like
IRC servers tend to provide at least 2 ports: one for encrypted (TLS) and one for unencrypted (for compatibility) connection.
Note that Mudlet does support tls (most probably some others do support too) so there is no problem on the client side.
One can add TLS support to the server via, for example, openssl or libressl libs
Describe alternatives you've considered
Alternatives:
- Have in-protocol encryption.
--- prone to errors
--- needs a new protocol ( or any examples of in-protocol encryption for MUDs?) and hence, client changes. - Have one TLS port exclusively (no uncencrypted connections allowed).
+++ protects the whole community
+++ does not require handling 2 ports
--- may break compatibility with more simplistic clients(?) - Be accessible as an onion service (in addition to clearnet)
+++ no change to codebase
+++ strongest guarantees for privacy-minded (but also for hackers)
--- somewhat harder administration
--- less accessible for non-tor-users -> minimal benefit for average security