It's unfortunate some people don't see the benefit of trying to move their users to TLS, but Quakenet is the exception here. Most IRC users and networks I know encourage TLS usage and do their best to help users and chatrooms use it. I'd even like to see it required for any modern IRC server, just as HTTPS is required for any modern website. The issues brought up in your link are correct but the solution isn't to abandon encryption, just because it's difficult doesn't mean it shouldn't be attempted.

> Removed due to near constant misrepresentation of the presented argument.

Saves me the trouble of writing it out myself I guess

Your link went dead. I would greatly appreciate actually being able to read this article.

You can find a working version at

https://web.archive.org/web/20170629073046/https://www.quake...

The argument is that there's no way to move the whole IRC ecosystem to use TLS (including with enforcement of certificate checks on the client side) and so the security benefits will be radically degraded by patchwork adoption, because if even one channel participant accepts a MITM attack, all channel participants' communications will be exposed.

This seems correct to me, but I still don't find it to be an argument against TLS on IRC, just an argument that security indications perhaps shouldn't be presented to users to confirm that their communications are secure since they do depend on behaviors of remote clients that the local user's client can't confirm easily. After all, suppose you're in a channel with only 3 or 4 people and all of them are enforcing certificate checks. Then you have gotten lucky and received a tangible security improvement. Likewise for direct messages with one other user. But indeed, in the common case of a large heterogeneous IRC channel, probably there will most often be no security gain in practice against a powerful network adversary.

(And it's also a benefit for a user who's individually concerned about a nearby network adversary more than about pervasive monitoring.)

> in the common case of a large heterogeneous IRC channel

Which does not map all cases. Queries are still far from dead. And you don't want to set up a small IRCd for shady things because that might tick off law enforcement a lot more than sticking to some established network whose security you trust.

Yes, I tried to acknowledge this by writing "Likewise for direct messages with one other user". I think the author of the original anti-TLS piece was too focused on "the common case of a large heterogeneous IRC channel" to the exclusion of other cases, which I agree are very real!

UnrealIRCD has supported TLS for a very long time.

That is QuakeNet specific.

QuakeNet != Rest of IRC.