Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using IRC for Electronic Meetings?

Posted by Cliff on from the coopting-existing-technology-for-your-needs dept.

paenguin asks: "Our Linux User Group sometimes needs to hold Exec meetings, electronically. We have used IRC in the past, but it leaves us with a problem: there is no easy or built-in way to prove who is who. Do Slashdot readers know of a way to provide non-repudiation over IRC, or of another open source method of holding group electronic meetings where we can verify that everyone is who they say they are?" Wouldn't a private IRC server, with a combination of suitable IRC services (ala NickServ and ChanServe) and fairly restrictive policies, be one solution to this problem? How would you set up such a system? For those willing to brave the setup hassles, might some form of secure IRC also be an option?

5 of 67 comments (clear)

  1. Silc? by Anonymous Coward · · Score: 1, Interesting

    I would give Silc a try (www.silcnet.org). It allows people to use a PKI for authentication.

  2. Again, MOOs work for this sort of thing. by Cecil · · Score: 3, Interesting

    This purpose has been adequately served for several companies I'm involved with by using a MOO or other MU*s. My bias may be revealed by the fact that one of those corporations is in fact dedicated to running a particular MOO.

    However, I have to say that it satisfies all of your requirements and provides a great deal of flexibility for the future as well. It has its own internal programming language (affectionately but not officially known as C&) which allows you to modify basically everything without requiring a restart. It has full support for TCP/IP and file IO, and though the binary support leaves something to be desired, it is quite possible to write a fully functional HTTP server for example.

    --
    Random and weird software I've written.
  3. Is it really so difficult? by ambient · · Score: 2, Interesting

    Simply "sign" in...

    Use your PGP key to sign something that the mod's post. Voilla. Non-repudiation.

    If you're an established group, you must have already exchanged your public keys, right?

  4. IRC is probably not what you want by Tom7 · · Score: 2, Interesting

    First, make your channel +sk and tell the keyword and channel name to only the people who you want invited.

    After that you could use PGP to have everyone sign a newly created message with their private key, thus proving that they are who they are. However, this doesn't prevent eavesdropping, message insertion, or denial of service. If you want protection from any of these, IRC is definitely not what you want.

  5. Run the server yourself by mikeswi · · Score: 2, Interesting

    Run the ircd yourself on an internal company server and deny it access to the internet.

    If you need to allow people outside the company internal network in, find out what IP address your employees will be connecting from ahead of time, make certain you are opered (/oper [ircop name] [oper password]) and check their IP address when they connect.

    If it gives you a non-numerical address, use the /dns command to do a nslookup. ex/ /dns dpc6682193179.direcpc.com would give you the IP address 66.82.193.179.

    If the person claiming to be Bob Smith emailed you ahead of time saying he was going to use that IP, then it's him. If it's nowhere close, then it's not.
    -

    --
    Only on /.