-Frequently Asked Questions
-
-
-Q: What is SILC?
-A: SILC (Secure Internet Live Conferencing) is a protocol which provides
- secure conferencing services in the Internet over insecure channel.
- SILC superficially resembles IRC although internally they are very
- different. Biggest similarity between SILC and IRC is that they both
- provide conferencing services and that SILC has almost same commands
- as IRC. Other than that they are nothing alike. Biggest differences
- are that SILC is secure what IRC is not in any way. The network model
- is also entirely different compared to IRC.
-
-
-Q: Why SILC in the first place?
-A: Simply for fun, nothing more. An actually for need back then when
- it was started. SILC has been very interesting and educational
- project.
-
-
-Q: When SILC will be completed?
-A: SILC still has a lot things to do. The time of completion is much
- related to how many interested people is willing to join the effort.
- It will be ready when it is ready. The reason for release of the
- current development version is just to get it out and people aware
- that something like this exist.
-
-
-Q: Why use SILC? Why not IRC with SSL?
-A: Sure, that is possible, although, does that secure the entire IRC
- network? And does that increase or decrease the lags and splits in
- the IRC network? Does that provide user based security where some
- specific private message are secured.? Does that provide security
- where some specific channel messages are secured? Security is not
- just about applying encryption to traffic and SILC is not just about
- `encrypting the traffic'. You cannot make insecure protocol suddenly
- secure just by encrypting the traffic. SILC is not meant to be IRC
- replacement. IRC is good for some things, SILC is good for same and
- some other things.
-
-
-Q: Can I use SILC with IRC client? What about can I use IRC with SILC
- client?
-A: Answer for both question is no. IRC client is in no way compatible
- with SILC server. SILC client cannot currently use IRC but this may
- change in the future if IRC support is added to the SILC client.
- After that one could use both SILC and IRC with the same client.
- Although, even then one cannot talk from SILC network to IRC network.
- That just is not possible.
-
-
-Q: Why client/server protocol is based on IRC? Would it be more
- interesting to implement something extensible and more powerful?
-A: They are not, not the least. Have you read the protocol
- specification? The client superficially resembles IRC client but
- everything that happens under the hood is nothing alike IRC. SILC
- could *never* support IRC because the entire network toppology is
- different (hopefully more scalable and powerful). So no, SILC protocol
- (client or server) is not based on IRC. Instead, I've taken good
- things from IRC and leaved all the bad things behind and not even tried
- to burden myself with the IRC caveats that will burden IRC and future
- IRC projects til the end. SILC client resembles IRC client because it
- is easier for new users to start using SILC when they already know all
- the commands.
-
-
-Q: Why SILC? Why not IRC3?
-A: Question that is justified no doubt of that. I didn't start doing SILC
- to be replacement for IRC. SILC was something that didn't exist in
- 1996 or even today except that SILC is now released. However, I did
+ Frequently Asked Questions
+
+ [16]1. General Questions
+ [17] 1.1 What is SILC?
+ [18] 1.2 When was SILC Project started?
+ [19] 1.3 Why SILC in the first place?
+ [20] 1.4 What license covers the SILC release?
+ [21] 1.5 Why SILC? Why not IRC3?
+ [22] 1.6 What platforms SILC supports?
+ [23] 1.7 Where can I find more information?
+ [24] 1.8 I would like to help out, what can I do?
+
+ [25]2. Protocol Questions
+ [26] 2.1 What is the status of SILC protocol in the IETF?
+ [27] 2.2 How much the SILC protocol is based on IRC?
+ [28] 2.3 Why use SILC? Why not IRC with SSL?
+ [29] 2.4 Can I talk from SILC network to IRC network?
+ [30] 2.5 Does SILC support file transfer?
+ [31] 2.6 Does SILC support DCC or alike?
+ [32] 2.7 I am behind a firewall, can I use SILC?
+ [33] 2.8 How secure SILC really is?
+ [34] 2.9 Does SILC support instant messaging?
+ [35] 2.10 Why SILC does not have LINKS command like in IRC?
+ [36] 2.11 Why SILC does not have STATS command like in IRC?
+ [37] 2.12 Is anyone outside a channel able to see the channel
+ messages?
+ [38] 2.13 I have suggestions to SILC Protocol, what can I do?
+
+ [39]3. Client Questions
+ [40] 3.1 Where can I find SILC clients?
+ [41] 3.2 Can I use SILC with IRC client and vice versa?
+
+ [42]4. Server Questions
+ [43] 4.1 Where can I find SILC servers?
+ [44] 4.2 Can I run own SILC server?
+ [45] 4.3 What is the difference between SILC server and SILC
+ router?
+ [46] 4.4 Why server says permission denied to write to a log file?
+ [47] 4.5 When I connect to to my server, it says "server does not
+ support one of your proposed cipher", what is wrong?
+
+ [48]5. Toolkit Questions
+ [49] 5.1 What is SILC Toolkit?
+ [50] 5.2 Is the SILC Toolkit Reference Manual Available?
+ [51] 5.3 How do I compile the Toolkit on Unix?
+ [52] 5.4 How do I compile the Toolkit on Win32?
+ [53] 5.5 Does the Toolkit package include any sample code?
+
+ 1. General Questions
+
+ Q: What is SILC?
+ A: SILC (Secure Internet Live Conferencing) is a protocol which
+ provides secure conferencing services in the Internet over insecure
+ channel. SILC is IRC like although internally they are very different.
+ Biggest similarity between SILC and IRC is that they both provide
+ conferencing services and that SILC has almost same commands as IRC.
+ Other than that they are nothing alike.
+
+ Biggest differences are that SILC is secure what IRC is not in any
+ way. The network model is also entirely different compared to IRC.
+
+ Q: When was SILC Project started?
+ A: The SILC development started in 1996 and early 1997. But, for
+ various reasons it suspended many times until it finally got some wind
+ under its wings in 1999. First public release was in summer 2000.
+
+ Q: Why SILC in the first place?
+ A: Simply for fun, nothing more. And actually for need back in the
+ days when it was started. When SILC was first developed there really
+ did not exist anything like this. SILC has been very interesting and
+ educational project.
+
+ Q: What license covers the SILC release?
+ A: The SILC software developed here at silcnet.org, the SILC Client,
+ the SILC Server and the SILC Toolkit are covered by the GNU General
+ Public License.
+
+ Q: Why SILC? Why not IRC3?
+ A: Question that is justified no doubt of that. SILC was not started
+ to become a replacement for IRC. SILC was something that didn't exist
+ in 1996 or even today except that SILC is now released. However, I did
check out the IRC3 project in 1997 when I started coding and planning
the SILC protocol.
- But, IRC3 is problematic. Why? Because it still doesn't exist. The
- project is at the same spot where it was in 1997 when I checked it out.
- And it was old project back then as well. Couple of months ago I
- checked it again and nothing were happening. That's the problem of IRC3
- project. The same almost happened to SILC as well as I wasn't making
- real progress over the years. I talked to the original author of IRC,
- Jarkko Oikarinen, in 1997 and he directed me to the IRC3 project,
- although he said that IRC3 is a lot of talking and not that much of
- anything else. I am not trying to put down the IRC3 project but its
- problem is that no one in the project is able to make a decision what
- is the best way to go about making the IRC3 and I wasn't going to be
- part of that. The fact is that if I would've gone to IRC3 project,
- nor IRC3 or SILC would exist today. I think IRC3 could be something
- really great if they just would get their act together and start
- coding the thing.
-
-
-Q: How secure SILC really is?
-A: A good question which I don't have a answer. SILC has been tried to
- make as secure as possible. However, there is no security protocol
- or security software that has not been vulnerable to some sort of
- attacks. SILC is in no means different from this. So, it is suspected
- that there are security holes in the SILC. These holes just needs to
- be found so that they can be fixed.
+ But, IRC3 is problematic. Why? Because it still doesn't exist. The
+ project is almost at the same spot where it was in 1997 when I checked
+ it out. And it was old project back then as well. That's the problem
+ of IRC3 project. The same almost happened to SILC as well as I wasn't
+ making real progress over the years. I talked to the original author
+ of IRC, Jarkko Oikarinen, in 1997 and he directed me to the IRC3
+ project, although he said that IRC3 is a lot of talking and not that
+ much of anything else. I am not trying to put down the IRC3 project
+ but its problem is that no one in the project is able to make a
+ decision what is the best way to go about making the IRC3 and I wasn't
+ going to be part of that. The fact is that if I would've gone to IRC3
+ project, nor IRC3 or SILC would exist today. I think IRC3 could be
+ something really great if they just would get their act together and
+ start coding the thing.
+
+ Q: What platforms SILC supports?
+ A: The SILC Client is available on various Unix systems and is
+ reported to work under cygwin on Windows. The SILC Server also works
+ on various Unix systems. However, the server has not been tested under
+ cygwin as far as we know. The SILC Toolkit is distributed for all
+ platforms, Unix, Cygwin and native Windows.
+
+ Q: Where can I find more information?
+ A: For more technical information we suggest reading the SILC Protocol
+ specifications. You might also want to take a look at the
+ [54]documentation page on the web page.
+
+ Q: I would like to help out, what can I do?
+ A: You might want to take a look at the [55]Contributing page and the
+ [56]TODO list. You might also want to join the SILC development
+ mailing list.
+
+ 2. Protocol Questions
+
+ Q: What is the status of SILC protocol in the IETF?
+ A: The SILC protocol specifications has been submitted currently as
+ individual submissions. There does not currently exist a working group
+ for this sort of project. Our goal is to fully standardize the SILC
+ and thus submit it as RFC to the [57]IETF at a later time.
+
+ Q: How much SILC Protocol is based on IRC?
+ A: SILC is not based on IRC. The client superficially resembles IRC
+ client but everything that happens under the hood is nothing alike
+ IRC. SILC could *never* support IRC because the entire network
+ toppology is different (hopefully more scalable and powerful). So no,
+ SILC protocol (client or server) is not based on IRC. Instead, We've
+ taken good things from IRC and left all the bad things behind and not
+ even tried to burden the SILC with the IRCs problems that will burden
+ IRC and future IRC projects till the end. SILC client resembles IRC
+ client because it is easier for new users to start using SILC when
+ they already know all the commands.
+
+ Q: Why use SILC? Why not IRC with SSL?
+ A: Sure, that is possible, although, does that secure the entire IRC
+ network? And does that increase or decrease the lags and splits in the
+ IRC network? Does that provide user based security where some specific
+ private message are secured? Does that provide security where some
+ specific channel messages are secured? And I know, you can answer yes
+ to some of these questions. But, security is not just about applying
+ encryption to traffic and SILC is not just about `encrypting the
+ traffic`. You cannot make insecure protocol suddenly secure just by
+ encrypting the traffic. SILC is not meant to be IRC replacement. IRC
+ is good for some things, SILC is good for same and some other things.
+
+ Q: Can I talk from SILC network to IRC network?
+ A: Simple answer for this is No. The protocols are not compatible
+ which makes it impossible to directly talk from SILC network to IRC
+ network or vice versa. Developing a gateway between these two networks
+ would technically be possible but from security point of view strongly
+ not recommended. We have no plans for developing such a gateway.
+
+ Q: Does SILC support file transfer?
+ A: Yes. The SILC protocol support SFTP as mandatory file transfer
+ protocol. It provides simple client to client file transfer, but also
+ a possibility for file and directory manipulation. Even though the
+ SFTP is the file transfer protocol the support for file transferring
+ has been done so that practically any file transfer protocol may be
+ used with SILC protocol.
+
+ Q: Does SILC support DCC or alike?
+ A: SILC does not support the DCC commonly used in IRC. It does not
+ need it since it has builtin support for same features that DCC have.
+ You can transfer files securely and encrypted directly with another
+ client. You can also negotiate secret key material with another client
+ directly to use it in private message encryption. The private messages
+ are not, however sent directly between clients. The protocol, on the
+ hand does not prohibit sending messages directly between clients if
+ the implementation would support it. The current SILC Client
+ implementation does not support it. This means that private messages
+ travel through the SILC Network. SILC protocol also has a capability
+ to support DCC and CTCP like protocols with SILC. None of them,
+ however have not been defined to be used with SILC at the present
+ time.
+
+ Q: I am behind a firewall, can I use SILC?
+ A: Yes. If your network administrator can open the port 706 (TCP) you
+ can use SILC without problems. You may also compile your SILC client
+ with SOCKS support which will proxy your SILC session through the
+ firewall.
+
+ Q: How secure SILC really is?
+ A: A good question which I don't have an answer for. We have tried to
+ make SILC as secure as possible. However, there is no security
+ protocol or security software that has not been vulnerable to some
+ sort of attacks. SILC is in no means different from this. So, it is
+ suspected that there are security holes in the SILC. These holes just
+ need to be found so that they can be fixed.
But to give you some parameters of security SILC uses the most secure
- crytographic algorithms such as Blowfish, RC5, Twofish, etc. SILC
- does not have DES or 3DES as DES is insecure and 3DES is just too
- slow. SILC also uses cryptographically strong random number generator
- when it needs random numbers. Public key cryptography uses RSA
- and Diffie Hellman algorithms. Key lengths for ciphers are initially
- set to 128 bits but many algorithm supports longer keys. For public
- key algorithms the starting key length is 1024 bits.
-
- But the best answer for this question is that SILC is as secure as
- its weakest link. SILC is open and the protocol is open and in public
- thus open for security analyzes.
+ crytographic algorithms such as AES(Rijndael), Twofish, Blowfish, RC5,
+ etc. SILC does not have DES or 3DES as DES is insecure and 3DES is
+ just too slow. SILC also uses cryptographically strong random number
+ generator when it needs random numbers. Public key cryptography uses
+ RSA (PKCS #1) and Diffie-Hellman algorithms. Key lengths for ciphers
+ are initially set to 256. For public key algorithms the starting key
+ length is 1024 bits.
+
+ But the best answer for this question is that SILC is as secure as its
+ weakest link. SILC is open and the protocol is open and in public thus
+ open for security analysis.
To give a list of attacks that are ineffective against SILC:
- o Man-in-the-middle attacks are ineffective if proper public key
- infrastructure is used. SILC is vulnerable to this attack if
- the public keys used in the SILC are not verified to be trusted.
+ - Man-in-the-middle attacks are ineffective if proper public key
+ infrastructure is used. SILC is vulnerable to this attack if the
+ public keys used in the SILC are not verified to be trusted (as any
+ other protocol for that matter).
+ - IP spoofing is ineffective (because of encryption and trusted keys).
+ - Attacks that change the contents of the data or add extra data to
+ the packets are ineffective (because of encryption and integrity
+ checks).
+ - Passive attacks (listenning network traffic) are ineffective
+ (because of encryption). Everything is encrypted including
+ authentication data such as passwords when they are needed.
+ - Any sort of cryptanalytic attacks are tried to make ineffective by
+ using the best cryptographic algorithms out there.
+
+ Q: Does SILC support instant messaing?
+ A: SILC is not an instant message (IM) system, like ICQ and the
+ others. SILC is more IRC like system, "real-time", connection-oriented
+ chat and that kind of stuff. But I guess IRC is too called an Instant
+ Messaging system.
+
+ Q: Why SILC does not have LINKS command like in IRC?
+ A: It was felt that this information as an own command in SILC is not
+ necessary. Moreover, the topology of the network might be undisclosed
+ information even though the servers and routers in the network are
+ still open. We feel that the network topology information, if it is
+ wanted to be public, and the list of accessible servers can be made
+ available in other ways than providing command like LINKS, which shows
+ the active server links in IRC.
+
+ Q: Why SILC does not have STATS command like in IRC?
+ A: This too was considered as information that the protocol should not
+ address. We feel that server implementations will need to implement
+ some sort of adminstrative plugin, or module which provides various
+ means of accessing statistical and other information in the server.
+ And, we do consider this implementation issue, not protocol design
+ issue.
+
+ Q: Is anyone outside a channel able to see the channel messages?
+ A: A short answer is simply No. A longer answer involves assumptions
+ about security conditions. Initially channel keys are generated by the
+ server, so if the server would get compromised it would be possible
+ for an adversary to see the messages. However, users on the channel
+ can prevent this even if the server would be compromised. It is
+ possible to set so called channel private key that only the users on
+ the channel know about. The servers does not know about the key, and
+ therefore cannot see the messages even if they would be compromised.
+ So, longer answer results into same as the short one; No.
+
+ Q: I have suggestions to SILC Protocol, what can I do?
+ A: All suggestions and improvements are of course welcome. You should
+ read the protocol specifications first to check out whether your idea
+ is covered by them already. The best place to make your idea public is
+ the SILC development mailing list.
+
+ 3. Client Questions
+
+ Q: Where can I find SILC clients?
+ A: The SILC client is available for free download from the silcnet.org
+ web page. Some people have also mentioned words Java and Perl when
+ talking about SILC clients. Nothing has appeared yet, though.
+
+ Q: Can I use SILC with IRC client and vice versa?
+ A: Generally the answer would be no for both. However, there exist
+ already at least one IRC client that supports SILC, the [58]Irssi
+ client. The current SILC client is actually based on the user
+ interface of the Irssi client. So, yes it is possible to use SILC with
+ some IRC clients and vice versa. But, this does not mean that you can
+ talk from SILC network to IRC network, that is not possible.
+
+ 4. Server Questions
+
+ Q: Where can I find SILC servers?
+ A: The SILC server is available for free download from the silcnet.org
+ web page. We are not aware of any other SILC server implementations,
+ so far.
+
+ Q: Can I run own SILC server?
+ A: Yes of course. Download the SILC server package, compile and
+ install it. Be sure to check out the installation instructions and the
+ README file. You also should decide whether you want to run SILC
+ server or SILC router.
+
+ Q: What is the difference between SILC server and SILC router?
+ A: The topology of the SILC network includes SILC routers and the SILC
+ servers (and SILC clients of course). Normal SILC server does not have
+ direct connections with other SILC servers. They connect directly to
+ the SILC router. SILC Routers may have several server connections and
+ they may connect to several SILC routers. The SILC routers are the
+ servers in the network that know everything about everything. The SILC
+ servers know only local information and query global information from
+ the router when necessary.
+
+ If you are running SILC server you want to run it as router only if
+ you want to have server connections in it and are prepared to accept
+ server connections. You also need to get the router connected to some
+ other router to be able to join the SILC network. You may run the
+ server as normal SILC server if you do not want to accept other server
+ connections or cannot run it as router.
+
+ Q: Why server says permission denied to write to a log file?
+ A: The owner of the log files must be same user that the server is run
+ under, by default it is user `nobody'. Just change the permissions and
+ try again.
+
+ Q: When I connect to my server it says "server does not support one of
+ your proposed ciphers", what is wrong?
+ A: Most likely the ciphers and others has not been compiled as SIMs
+ (modules) and they are configured as modules in the silcd.conf. If
+ they are not compiled as modules remove the module paths from the
+ ciphers and hash functions from the silcd.conf, so that the server use
+ the builtin ciphers. Then try connecting to the server again. It is
+ also possible that the client IS proposing some ciphers that your
+ server does not support.
+
+ 5. Toolkit Questions
- o IP spoofing is ineffective (because of encryption and trusted
- keys).
+ Q: What is SILC Toolkit?
+ A: SILC Toolkit is a package intended for software developers who
+ would like to develope their own SILC based applications or help in
+ the development of the SILC. The Toolkit includes SILC Protocol Core
+ library, SILC Crypto library, SILC Key Exchange (SKE) library, SILC
+ Math library, SILC Modules (SIM) library, SILC Utility library, SILC
+ Client library and few other libraries.
- o Attacks that change the contents of the data or add extra
- data to the packets are ineffective (because of encryption and
- integrity checks).
+ Q: Is the SILC Toolkit Reference Manual Available?
+ A: Yes, partially completed reference manual is available in the
+ Toolkit releases as HTML package and they are available from the
+ silcnet.org website as well at the [59]documentation page.
- o Passive attacks (listenning network traffic) are ineffective
- (because of encryption). Everything is encrypted including
- authentication data such as passwords when they are needed.
+ Q: How do I compile the Toolkit on Unix?
+ A: You should read the INSTALL file from the package and follow its
+ instructions. The compilation on Unix is as simple as compiling any
+ other SILC package. Give, `./configure' command and then `make'
+ command.
- o Any sort of cryptanalytic attacks are tried to make ineffective
- by using the best cryptographic algorithms out there.
+ Q: How do I compile the Toolkit on Win32?
+ A: We have prepared instructions to compile the Toolkit on Win32 in
+ the Toolkit package. Please, read the README.WIN32 file from the
+ package for detailed instructions how to compile the Toolkit for
+ Cygwin, MinGW and native Win32 systems. We have also prepared ready
+ MSVC++ Workspace files in the win32/ directory in the package that
+ will compile automatically the Toolkit.
+ Q: Does the Toolkit package include any sample code?
+ A: Yes, naturally. It includes sample codes for two different SILC
+ Client implementations, and SILC Server. Win32 samples are included in
+ the win32/ directory, for simple client.
-More to come later...
projects / silc.git / commitdiff