rfc7194.txt (9497B)

Independent Submission                                       R. Hartmann
Request for Comments: 7194                                   August 2014
Updates: 1459
Category: Informational
ISSN: 2070-1721


         Default Port for Internet Relay Chat (IRC) via TLS/SSL

Abstract

   This document describes the commonly accepted practice of listening
   on TCP port 6697 for incoming Internet Relay Chat (IRC) connections
   encrypted via TLS/SSL.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7194.

Copyright Notice

   Copyright (c) 2014 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Hartmann                      Informational                     [Page 1]

RFC 7194            Default Port for IRC via TLS/SSL         August 2014

Table of Contents

   1. Rationale
   2. Technical Details
      2.1. Connection Establishment
      2.2. Certificate Details
           2.2.1. Server Certificate
           2.2.2. Client Certificate
   3. Security Considerations
   4. IANA Considerations
   5. Normative References
   6. Informative References
   7. Acknowledgements
   Appendix A. Supporting Data

1.  Rationale

   Although system port assignments exist for IRC traffic that is plain
   text (TCP/UDP port 194) or TLS/SSL encrypted (TCP/UDP port 994)
   [IANALIST], it is common practice amongst IRC networks not to use
   them for reasons of convenience and general availability on systems
   where no root access is granted or desired.

   IRC networks have defaulted to listening on TCP port 6667 for plain
   text connections for a considerable time now.  This is covered by the
   IRCU assignment of TCP/UDP ports 6665-6669.

   Similar consensus has been reached within the IRC community about
   listening on TCP port 6697 for incoming IRC connections encrypted via
   TLS/SSL [RFC5246].

2.  Technical Details

2.1.  Connection Establishment

   An IRC client connects to an IRC server.  Immediately after that, a
   normal TLS/SSL handshake takes place.  Once the TLS/SSL connection
   has been established, a normal IRC connection is established via the
   tunnel.  Optionally, the IRC server may set a specific user mode
   (umode) for the client, marking it as using TLS/SSL.  Again,
   optionally, an IRC server might offer the option to create channels
   in such a way that only clients connected via TLS/SSL may join.

   For details on how IRC works, see [RFC1459], [RFC2810], [RFC2811],
   [RFC2812], and [RFC2813].  Please note that IRC is extremely
   fragmented, and implementation details can vary wildly.  Most
   implementations regard the latter RFCs as suggestions, not as
   binding.

2.2.  Certificate Details

2.2.1.  Server Certificate

   The IRC server's certificate should be issued by a commonly trusted
   certification authority (CA).

   The Common Name should match the Fully Qualified Domain Name (FQDN)
   of the IRC server or have appropriate wildcards, if applicable.

   The IRC client should verify the certificate.
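
   The connection sequence of Section 2.1 combined with the certificate
   checks of Section 2.2.1, as an added Python example that is not part
   of RFC 7194 or of this archive.  The function names, the TLS 1.2
   floor, and the host and nick in the usage stub are assumptions.

```python
import socket
import ssl

IRCS_PORT = 6697  # "ircs-u" service port assigned in Section 4


def make_context(cafile=None):
    """Build a TLS context that enforces the Section 2.2.1 checks."""
    ctx = ssl.create_default_context(cafile=cafile)  # commonly trusted CAs
    ctx.check_hostname = True             # certificate name must match the host
    ctx.verify_mode = ssl.CERT_REQUIRED   # no valid certificate, no connection
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: TLS 1.2 floor
    return ctx


def registration_lines(nick, user, realname):
    """Return the NICK/USER lines (RFC 2812) to send inside the tunnel."""
    for field in (nick, user, realname):
        if "\r" in field or "\n" in field:
            raise ValueError("CR/LF in an IRC parameter would inject a command")
    return [f"NICK {nick}\r\n".encode(),
            f"USER {user} 0 * :{realname}\r\n".encode()]


def connect(host, nick, port=IRCS_PORT, timeout=10.0):
    """Connect, run the TLS handshake at once, then register over TLS."""
    ctx = make_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        # Implicit TLS: the handshake is the first traffic on the socket.
        # ssl.SSLCertVerificationError is raised here on an untrusted or
        # mismatched certificate, before any IRC line leaves the client.
        tls = ctx.wrap_socket(raw, server_hostname=host)
    except (ssl.SSLError, OSError):
        raw.close()
        raise
    for line in registration_lines(nick, nick, nick):
        tls.sendall(line)
    return tls


if __name__ == "__main__":
    # Hypothetical host name; replace with a network you are allowed to use.
    with connect("irc.example.org", "guest4711") as conn:
        print(conn.version(), conn.recv(512).decode(errors="replace"))
```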

2.2.2.  Client Certificate

   If the client is using a certificate as well, it should be issued by
   a commonly trusted CA or a CA designated by the IRC network.

   The certificate's Common Name should match the main IRC nickname.

   If the network offers nick registration, this nick should be used.

   If the network offers grouped nicks, the main nick or account name
   should be used.

   If the network offers nick registration, the client certificate
   should be used to identify the user against the nick database.  See
   [CERTFP] for a possible implementation.

3.  Security Considerations

   The lack of a common, well-established listening port for IRC via
   TLS/SSL could lead to end users being unaware of their IRC network of
   choice supporting TLS/SSL.  Thus, they might not use encryption even
   if they wanted to.

   It should be noted that this document merely describes client-to-
   server encryption.  There are still other attack vectors like
   malicious administrators, compromised servers, insecure server-to-
   server communication, channels that do not enforce encryption for all
   channel members, malicious clients, or compromised client machines on
   which logs are stored.

   Those attacks can by their very nature not be addressed by client-to-
   server encryption.  Additional safeguards are needed if a user fears
   any of the threats above.

   This document does not address server links as there are no commonly
   accepted ports or even back-end protocols.  Ports and back-end
   protocols are normally established in a bilateral agreement.  All
   operators are encouraged to use strong encryption for back-end
   traffic, no matter if they offer IRC via TLS/SSL to end users.

4.  IANA Considerations

   An assignment of TCP port 6697 for IRC via TLS/SSL has been made.
   The service name is "ircs-u" and the description "Internet Relay Chat
   via TLS/SSL":

   ircs-u  6697/tcp       Internet Relay Chat via TLS/SSL

5.  Normative References

   [RFC1459]  Oikarinen, J. and D. Reed, "Internet Relay Chat Protocol",
              RFC 1459, May 1993.

   [RFC2810]  Kalt, C., "Internet Relay Chat: Architecture", RFC 2810,
              April 2000.

   [RFC2811]  Kalt, C., "Internet Relay Chat: Channel Management", RFC
              2811, April 2000.

   [RFC2812]  Kalt, C., "Internet Relay Chat: Client Protocol", RFC
              2812, April 2000.

   [RFC2813]  Kalt, C., "Internet Relay Chat: Server Protocol", RFC
              2813, April 2000.

   [RFC5246]  Dierks, T. and E. Rescorla, "The Transport Layer Security
              (TLS) Protocol Version 1.2", RFC 5246, August 2008.

6.  Informative References

   [IANALIST] IANA, "Service Name and Transport Protocol Port Number
              Registry", <http://www.iana.org/assignments/
              service-names-port-numbers>.

   [TOP100]   netsplit.de, "IRC Networks - Top 100",
              <http://irc.netsplit.de/networks/top100.php>.

   [MAVERICK] netsplit.de, "IRC Networks - in alphabetical order",
              <http://irc.netsplit.de/networks/
              lists.php?query=maverick>.

   [CERTFP]   The Open and Free Technology Community, "OFTC -
              NickServ/CertFP",
              <http://www.oftc.net/oftc/NickServ/CertFP>.

7.  Acknowledgements

   Thanks go to the IRC community at large for reaching a consensus.

   Special thanks go to the IRC operators who were eager to support port
   6697 on their respective networks.

   Special thanks also go to Nevil Brownlee and James Schaad for working
   on this document in their capacities as Independent Submissions
   Editor and Reviewer, respectively.

Appendix A.  Supporting Data

   As of October 2010, out of the top twenty IRC networks [TOP100]
   [MAVERICK], ten support TLS/SSL.  Only one of those networks does not
   support TLS/SSL via port 6697 and has no plans to support it.  All
   others supported it already or are supporting it since being
   contacted by the author.  A more detailed analysis is available but
   does not fit within the scope of this document.

Authors' Address

   Richard Hartmann
   Munich
   Germany

   EMail: richih.mailinglist@gmail.com
   URI:   http://richardhartmann.de