About SILC
SILC (Secure Internet Live Conferencing) is a protocol which provides
secure conferencing services in the Internet over insecure channel. SILC
is IRC like software although internally they are very different. Biggest
similarity between SILC and IRC is that they both provide conferencing
services and that SILC has almost same commands as IRC. Other than that
they are nothing alike. Biggest differences are that SILC is secure what
IRC is not in any way. The network model is also entirely different
compared to IRC.
SILC provides security services that any other conferencing protocol does
not offer today. The most popular conferencing service, IRC, is entirely
insecure. If you need secure place to talk to some people or to group of
people over the Internet, IRC or any other conferencing service, for that
matter, cannot be used. Anyone can see the messages and their contents in the IRC network. And the most worse case, some people is able to change the contents of the messages. Also, all the authentication data, such as, passwords are sent plaintext.
SILC is a lot more than just about `encrypting the traffic'. That is easy
enough to do with IRC, SSL and some ad hoc scripts, and even then the
entire network cannot be secured, only part of it. SILC provides security
services, such as, sending private messages entirely secure; no one can
see the message except you and the real receiver of the message. SILC
also provides same functionality for channels; no one except those
clients joined to the channel may see the messages destined to the
channel. Communication between client and server is also secured with
session keys, and all commands, authentication data (such as passwords
etc.) and other traffic is entirely secured. The entire network, and all
parts of it, is secured. We are not aware of any other conferencing
protocol providing same features at the present time.
SILC has secure key exchange protocol that is used to create the session
keys for each connection. SILC also provides strong authentication based
on either passwords or public key authentication. All authentication data
is always encrypted in the SILC network. All connections has their own
session keys, all channels has channel specific keys, and all private
messages can be secured with private message specific keys.
SILC is an open source (or freeware) project and it has been released
under the GNU General Public Licence. The SILC is free to use and
everyone is free to distribute and change the SILC under the terms of the
GNU GPL. While there is no guarantee for the product SILC has been tried
make as secure as possible. The fact that the software and the protocol
is open for public analysis is a good thing for end user.
Protocol specification of SILC protocol is available for anyone to look
at. There exists four Internet Drafts that has been submitted to IETF. See documentation page for more information.
Contact
Feedback and comments are welcome. You can reach me in the following Address.
Pekka Riikonen
priikone at poseidon.pspt.fi