Secure Internet Live Conferencing

An Anonymous Coward writes: "Newsforge has an article about new generation secure chat protocol called SILC (Secure Internet Live Conferencing). The article features the protocol and its features like secure file transfer. Interesting article and very interesting protocol." We posted a story about SILC last year; looks like they've come a long way since then.

Betther than SSH/Stunnel/etc. + IRC

[libertynews]

The reason why this project is so good is that it just works. you install the client and you can connect securely without screweing around with configuring a dozen different programs, etc. I had it up and running in the time it took to download the .rpm and install it.

Re:Secure talking not very common

[Shiny+Metal+S.]

Somehow, it is quite hard to _really_ initiate a secure communication without much work.

I won't say anything insightful here, but when I need a Secure Internet Live Conferencing(tm) to safely talk about some top secret stuff with people I work with, then we just connect to our server with ssh, run BitchX and use a local IRC daemon. Quite easy and secure for me, especially when most of the work is in shell anyway.

Re:Secure talking not very common

[Jubal+Kessler]

Or you could just connect via ssh to a localhost-only IRC server and yak to friends there ..

Link a few of those localhost-only IRC servers together via ssh tunnels, and voila, secure network. However, accounts on the machines hosting the IRC servers are required.

Given the above, one could create an account with the shell pointing to an IRC client binary, so specific user accounts wouldn't always be necessary.

The pro: Don't have to retrofit existing IRC clients on any platform for SSL or other PKI compatibility. Just ssh forward ports 113 (identd) and 6667 (ircd), and point your favorite program to localhost on 6667. Or whatever port on which you've got ircd listening.

The con: You need an account on the localhost-only IRC server's host.

Good, but Trillian may be simpler

[internic]

I've been using Trillian for a while. It's a free (like beer) mult-medium chat client for Windows. The newest version supports 128-bit blowfish encryption for chatting over AIM and ICQ networks with other Trillian clients. This is achieved by using a key exchange method like Openssh. It is far from mature. As the newsforge article notes about other such systems, it lacks the authentication and key management aspects, so it is not really very secure yet; however, those could be achieved with relative ease, I beleive, and the general method might be a lot more viable for a transition from current insecure systems.

The point is that the way Trillian does it, all messages are encrypted into ascii-armored "messages" that are sent through preexisting messging protocols. A new protocol would probably be better, but it will be hard to get people to switch. Plus you need servers, and you will likely run into the same problems of the big companies working against interoperability. With Trillian, I can talk securely to those who care and have the client, and still talk to everybody else, and it doesn't take special servers, so we don't have to start our own or wait for AOL to finally think that security might be a good thing.

My point is not, "Hey everybody, switch to Trillian," but rather that the system of changing the client operation and leaving the protocol the same may not be as good as a completely redesigned protocol, but it may be more workable. ...However, if you use Windows, do check Trillian out!