Slashdot Mirror

← Back to Stories (view on slashdot.org)

Using IRC for Electronic Meetings?

Posted by Cliff on from the coopting-existing-technology-for-your-needs dept.

paenguin asks: "Our Linux User Group sometimes needs to hold Exec meetings, electronically. We have used IRC in the past, but it leaves us with a problem: there is no easy or built-in way to prove who is who. Do Slashdot readers know of a way to provide non-repudiation over IRC, or of another open source method of holding group electronic meetings where we can verify that everyone is who they say they are?" Wouldn't a private IRC server, with a combination of suitable IRC services (ala NickServ and ChanServe) and fairly restrictive policies, be one solution to this problem? How would you set up such a system? For those willing to brave the setup hassles, might some form of secure IRC also be an option?

24 of 67 comments (clear)

  1. Don't you have OSS IM software? by ObviousGuy · · Score: 5, Insightful

    What's stopping you from using an IM client that allows multiple users in a conference-type configuration?

    The IM server is responsible for authentication, so you just add your buddies and then start chatting. Seems simple.

    --
    I have been pwned because my /. password was too easy to guess.
    1. Re:Don't you have OSS IM software? by acaird · · Score: 4, Informative
      Jabber and OpenLDAP can do this. It might be a bit overkill, but it certainly works, and has decent client support for Linux (and other Unixes), Windows, and OS X.

      Jabber also supports SSL and is extensible (so can support things like group-conference room logging).

      --
      Power corrupts. PowerPoint corrupts absolutely. E. Tufte
    2. Re:Don't you have OSS IM software? by alexpage · · Score: 2, Informative

      More importantly, Jabber supports GPG-signed and -encrypted instant messaging. That system in a Jabber converence room should solve the original problem perfectly.

  2. uhh - other IM services? by jeffy124 · · Score: 3, Insightful

    just exchange AOL Screen Names in a face-to-face setting, and set up a private chat room. Done!

    --
    The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
    1. Re:uhh - other IM services? by GiMP · · Score: 3, Insightful

      Except all communications go through AOL, unencrypted.

  3. Identification in IRC by robbkidd · · Score: 3, Insightful

    It's been a while since I spent much time in IRC, but even several years ago we would identify channel ops with a bot (eggdrop, if I recall correctly). Giving everyone ops isn't necessary, either. It is simple to have usernames and passwords maintained and authenticated on a bot and to set the IRC channel to require members to be given a voice (by the bot upon authentication) to speak in the channel.

  4. Years ago... by NanoGator · · Score: 2, Informative

    I'm sorry I don't know much about the server end, I figure lots of other people can answer that question. I just know how I'd go about it once the server is up and running.

    I was quite active on Austnet. They had NickOp which was used for registerring a nickname and for
    logging in. They had Chanop which was for maintaining channels etc. They had noteop for sending messages. So, to answer your question, I'd either use Austnet, or build a private IRC server with similar funcationality. Then, create a channel via chanop, and set access to every registerred person so that Chanop ops them. Why do this? Well, you have 120 seconds to enter your password when you use a registerred nick. Chanop will not op you until you are logged in. So if somebody comes on using a nick they shouldn't, they won't be opped. When they have the @ next to their name, they've logged in, and you know who you're talking to.

    --
    "Derp de derp."
  5. Verifying users on IRC by Kris_J · · Score: 2, Informative
    Can you require users to MSG a bot with a password before joining a channel, or be kicked? Anyone got a good site for IRC bots?

    I'm considering proposing an IRC network across our group for real-time multi-person chatting -- rather than Messenger or ICQ. There are so many nice things about the very mature IRC system that gets drowned out by all the pre-teens on public IRC networks, it's worth exploring.

  6. Services by cyan · · Score: 2, Informative

    Yes, to elaborate further in the comment in the story, the best way to establish this kind of 'identity' scheme is to make use of a set of services. Andy Church makes a very good IRC Services package which is available at http://www.ircservices.za.net which is more than capable for performing the task at hand.

    You'll need an IRC daemon which is also able to be tightly integrated with services, and for that task, I recommend using Bahamut (available at http://bahamut.dal.net. As the URL implies, it's the same IRCd that DALnet uses. In particular, you're looking for a channel mode which restricts channel access to registered clients only. In Bahamut, this is the +R channel mode (which is different from +r.)

    Services has a channel option known as 'RESTRICTED' which will only allow people who are on that channel's access list into the channel. Everyone else will be kicked and banned automatically by services. Thus, you can have reasonable assurance that everyone who's in the channel has A) identified to their registered nick with services, and B) is supposed to be in the channel, since they're on that channel's access list. Furthermore, the status of someone's identity can be checked by doing '/MSG NickServ STATUS ', where is the nickname you want to know the status of. NickServ will then tell you if the nickname is identified to properly (i.e. via a password.)

    Some of the more advanced IRC options include replacing the ancient 'ident' system with something more modern. On IRC, anyone who isn't 'identified' has a tilde (~) prefixed to their username. However, since almost anyone can put anything in the ident reply these days, this has become practically useless (it used to be that you could tell, with reasonable assurance, what user was coming from what Unix box with ident -- not so anymore.) Instead, it's possible to setup an authorization scheme that makes use of IRC's 'PASS' command to also 'identify' to a unique username.

    My Synchronet IRCd (http://www.synchro.net/docs/ircd.txt) makes use of this scheme by letting users be 'identified' whenever they provide the correct password and username that corresponds to the local BBS account (Synchronet is a very nice piece of BBS software for Linux/Win32/BSD/etc.) That way, a user coming online from a certain BBS without a tilde in their username is an indicator that they've identified correctly to their local BBS account. That's just one of the ways ident can be replaced to provide something more useful.

  7. Again, MOOs work for this sort of thing. by Cecil · · Score: 3, Interesting

    This purpose has been adequately served for several companies I'm involved with by using a MOO or other MU*s. My bias may be revealed by the fact that one of those corporations is in fact dedicated to running a particular MOO.

    However, I have to say that it satisfies all of your requirements and provides a great deal of flexibility for the future as well. It has its own internal programming language (affectionately but not officially known as C&) which allows you to modify basically everything without requiring a restart. It has full support for TCP/IP and file IO, and though the binary support leaves something to be desired, it is quite possible to write a fully functional HTTP server for example.

    --
    Random and weird software I've written.
    1. Re:Again, MOOs work for this sort of thing. by Twylite · · Score: 5, Funny

      You are in a board room. Its long, polished oval table and leatherette chairs are quite intimidating. A filter coffee machine bubbles quietly in the corner.

      A Board Member is here.
      A Chairman is here.
      An Executive Directory is here.
      An Axe is on the floor.

      --
      i-name =twylite [http://public.xdi.org/=twylite], see idcommons.net
  8. Is it really so difficult? by ambient · · Score: 2, Interesting

    Simply "sign" in...

    Use your PGP key to sign something that the mod's post. Voilla. Non-repudiation.

    If you're an established group, you must have already exchanged your public keys, right?

  9. solution by Leroy_Brown242 · · Score: 2, Informative
    IRC would work.
    1. Set up a freeBSD machine.
    2. Install an IRC server.
    3. Get Chanserv and nickserv working.
    4. Have everyone ssh into that box. Then, allt eh communication would be over ssh, or to and from localhost.
    --
    Pretty Pictures!
  10. SILC? by kyhwana · · Score: 2, Informative

    Or you could use SILC which is an encrypted/authenicated chat network. Every client has to generate a public/private keypair, so you could get/post public key fingerprints in the workplace/wherever, then simply authenicate each user who comes into the channel, or password protect the channel.

    --
    My email addy? should be easy enough.
  11. IRC is probably not what you want by Tom7 · · Score: 2, Interesting

    First, make your channel +sk and tell the keyword and channel name to only the people who you want invited.

    After that you could use PGP to have everyone sign a newly created message with their private key, thus proving that they are who they are. However, this doesn't prevent eavesdropping, message insertion, or denial of service. If you want protection from any of these, IRC is definitely not what you want.

    1. Re:IRC is probably not what you want by aminorex · · Score: 2, Insightful

      Use IRC over SSL with client certificates.

      --
      -I like my women like I like my tea: green-
    2. Re:IRC is probably not what you want by spitefulcrow · · Score: 3, Informative

      Yeah, SSL-enabled IRCds are available, including UnrealIRCd (www.unrealircd.com). Haven't tried to use the SSL myself, but it's a good IRCd with a nice set of features and good Services integration. I think you can even have SSL server links as well as client connections. The network I frequent uses Anope (www.anope.org) IRC Services, which include the password-based nick registration system mentioned above.

      --
      Sorry, my karma just ran over your dogma.
  12. identity and security in im/conferencing clients by joelja · · Score: 2, Insightful

    certain jabber clients allow you to pgp encrypt or just sign every message in an exchange. couple that with jabber servers support for ssl and you have a secure and autheticated message stream and meeting space

  13. I have a simpler suggestion by Artifex · · Score: 2, Insightful

    You guys are all Linux people, so I'm sure you have the ability and wherewithal to set up a private local IRC service on your server. Set the meeting channel to keyed if you need to, but here's the best part: your local usernames on your server are visible in the /whois, so as long as you have usernames (maybe just for these meetings) that are your.name@*, you don't need any nickserve, etc., because everyone can see your name when you log in. If you have any suspicions still, you can pop to another screen and run "w" to see whether they're really logged in and running epic or bitchx or whatever.

    --
    Get off my launchpad!
  14. Lily by Damien+Neil · · Score: 2, Informative

    Lily is a CMC (computer mediated communications) server that supports user authentication and discussion history. Lily is mature; the oldest lily server has been in constant service (with only occasional brief downtime for upgrades) for over ten years.

  15. IRC for meetings? I can see where that will go. by Jorkapp · · Score: 3, Funny

    we need more money
    * Boss sets mode +b IT_Guy012*!*@*.*
    * IT_Guy012 has been kicked by Boss (YOU'RE FIRED)

    --
    Frink: Nice try floyd, but you were designed for scrubbing, and scrubbing is what you shall do.
  16. OP: Here is a solution. by Glonoinha · · Score: 2, Funny

    As silly as this sounds, first go read Snow Crash, then get some Star Wars Galaxies accounts. SWG lets you customize the avatar really quite well, it is amazing how many toons I have found walking around that look EXACTLY like me (no, not the Wookiees - the humans.) Once named the avatars own exclusive use of that name on that server so nobody can fake being them. You can own property in game, massive buildings that can have furniture such as chairs and tables, you have facial and body expressions available, expression different social posturing (happy, upset, confused, about 100 different ones), you can log the discussions, you can do private messaging, group messaging for sub-groups, private or group email. And the office building can be so far out away from everybody else you basically have the server to yourself. The client - server connection is secure and encrypted (if I recall correctly) specifically to prevent hackers from listening in (something Sony learned from EverQuest) and the buildings can be whitelisted to keep anybody except your group out.

    Perfect solution. Also, if Bob from accounting gets on your nerves you can bust a cap in his ass.

    --
    Glonoinha the MebiByte Slayer
  17. Private IRC server by cjpez · · Score: 2, Informative
    Yeah, where I used to work we had a private IRC server set up inside the corporate network, so you either had to be physically on our network or connected up through the VPN. We didn't bother with nickservs or chanservs or anything like that, 'cause since it was just us nobody had any interest in pretending to be someone else. Worked out perfectly fine.

    Of course, then we started writing bots to emulate our presence on the channel when we were gone ("How's the new release looking?") and the company went bankrupt, but that's beside the point. :P

    --
    Al Qaeda has ninjas!
  18. Run the server yourself by mikeswi · · Score: 2, Interesting

    Run the ircd yourself on an internal company server and deny it access to the internet.

    If you need to allow people outside the company internal network in, find out what IP address your employees will be connecting from ahead of time, make certain you are opered (/oper [ircop name] [oper password]) and check their IP address when they connect.

    If it gives you a non-numerical address, use the /dns command to do a nslookup. ex/ /dns dpc6682193179.direcpc.com would give you the IP address 66.82.193.179.

    If the person claiming to be Bob Smith emailed you ahead of time saying he was going to use that IP, then it's him. If it's nowhere close, then it's not.
    -

    --
    Only on /.