-- Leo's gemini proxy
-- Connecting to git.thebackupbox.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
repo: urcd action: commit revision: path_from: revision_from: de6657b3c9b62c38290864655d6fef765e33bc57: path_to: revision_to:
commit de6657b3c9b62c38290864655d6fef765e33bc57
Author: root <root@localhost.(none)>
Date: Tue Sep 16 23:19:03 2014 +0000
[URC] documentation update
diff --git a/README b/README
--- a/README
+++ b/README
@@ -30,29 +30,6 @@ todo:
add encrypted channels to urc2sd.
-quick install (not recommended):
-
- # install dependencies, if you haven't already
- ./install-ucspi-tcp.sh
- ./install-libtai.sh
-
- # recommended over ./install-libsodium.sh
- ./install-nacl.sh
-
- useradd urcd
-
- $editor env/*
-
- # OpenBSD
- echo '-ftrampolines' > conf-cc
-
- # if python2.6
- sed 's/\.7/.6/g' Make.sh | sh -v
-
- # elif python2.7
- ./Make.sh
- ./bin/urcd.sh $ntwrk
-
install (recommended):
# install dependencies, if you haven't already
@@ -89,51 +66,6 @@ install (recommended):
### see the hub2hub section below it is ###
### recommended to connect to 3 urchubs ###
-adding curvecp:
- mkdir -p /services/urcd-curvecp
-
- ln -s `pwd`/env /services/urcd-curvecp/env
- ln -s `pwd`/urcd /services/urcd-curvecp/urcd
- ln -s `pwd`/run.urcd-curvecp /services/urcd-curvecp/run
-
- curvecpmakekey /services/urcd-curvecp/curvecp
-
- find /services/urcd-curvecp/curvecp -type d -exec chmod 700 {} \;
- find /services/urcd-curvecp/curvecp -type f -exec chmod 600 {} \;
- chown urcd /services/urcd-curvecp/curvecp -R
-
- ln -s /services/urcd-curvecp /service/urcd-curvecp
-
- sleep 4
- svstat /service/urcd-curvecp
-
- echo "PUBKEY: `curvecpprintkey /services/urcd-curvecp/curvecp`"
-
- curvecp + irc client (test):
-
- tcpserver 127.0.0.1 6667 \
- curvecpclient irc.d3v11.ano `curvecpprintkey /services/urcd-curvecp/curvecp` \
- `cat env/addr` `cat env/port` 01110101011100100110001101100100 \
- curvecpmessage -c ./ucspi-stream &
-
- irssi -c 127.0.0.1
-
-interface:
- place an executable program in the cwd
- of urcd named 'stdin'. the program reads
- stdin from the irc client. anything your
- program writes to stdout will be written
- to urcd
-
- place an executable program in the cwd
- of urcd named 'stdout'. the program reads
- stdin from urcd. anything your program
- writes to stdout will be written to the
- irc client
-
- for urc2sd follow the same process. happy
- hacking.
-
no censorship (security):
URC networks are censorship resistant. i
recommend URCSIGN and/or URCCRYPTOBOX to
@@ -156,230 +88,10 @@ no censorship (security):
/ignore friend!*@* ALL UNIGNORE
/ignore *!VERIFIED@* ALL UNIGNORE
-URCSIGN (prototype, subject to change):
- ./sign_keypair
-
- # (global) save your seckey/pubkey and secure them
- $editor env/URCSIGNPUBKEY
- $editor env/URCSIGNSECKEY
- chmod 600 env/URCSIGNSECKEY
-
- # use a specific seckey for a destination, or override global
- mkdir -p urcsignseckeydir
- echo urcsignseckeydir > env/URCSIGNSECKEYDIR
- echo $seckey > urcsignseckeydir/\#channel
- chmod 600 urcsignseckeydir/
-
- # save your friends' pubkeys and secure them
- mkdir -p urcsigndb/
- chmod 600 urcsigndb/
- echo $pubkey > urcsigndb/$nick
- echo urcsigndb/ > env/URCSIGNDB
-
- # use a specific pubkey for a destination, or override global
- mkdir -p urcsignpubkeydir
- echo urcsignpubkeydir > env/URCSIGNPUBKEYDIR
- echo $pubkey > urcsignpubkeydir/\#channel/nick
- chmod 600 urcsignpubkeydir/
-
- # urcd will replace the user field with VERIFIED for valid
- # signatures and replace all other user fields with URCD.
- # see "no censorship" above.
-
-URCCRYPTOBOX:
- # urcd can provide secret and encrypted PM
-
- ./keypair
- echo $seckey > env/URCCRYPTOBOXSECKEY
- mkdir -p urccryptoboxdir/
- echo urccryptoboxdir > env/URCCRYPTOBOXDIR
- echo $pubkey > urccryptoboxdir/$nick
- chmod 600 urccryptoboxdir/
-
- # use a specific seckey for a destination, or override global
- mkdir -p urccryptoboxseckeydir/
- echo urccryptoboxseckeydir > env/URCCRYPTOBOXSECKEYDIR
- echo $seckey > urccryptoboxseckeydir/$nick
- chmod 600 urccryptoboxseckeydir/
-
- # urcd will replace the user field with VERIFIED for valid
- # authentication and replace all other user fields with URCD.
- # see "no censorship" above.
-
- URCCRYPTOBOXPFS:
- # urcd can provide secret perfect forward secrecy for encrypted PM
- # for destinations already configured for URCCRYPTOBOX. urcd will
- # send and error notice when unable to decrypt a session box. simply
- # respond to your friend to exchange session keys. if you want to
- # change session keys, simply /reconnect. urcd will not store any
- # session cryptography. both parties need to have this enabled to work.
-
- echo urccryptoboxpfs/ > env/URCCRYPTOBOXPFS
- mkdir -p urccryptoboxpfs/
- chmod 600 urccryptoboxpfs/
- touch urccryptoboxpfs/$nick
-
-URCSECRETBOX:
- urcd can provide secret and encrypted channels
- using a 64 byte hexadecimal key
-
- ./keypair # you only need the seckey
- mkdir -p urcsecretboxdir/
- echo urcsecretboxdir > env/URCSECRETBOXDIR
- echo $seckey > urcsecretboxdir/\#channel
- chmod 600 urcsecretboxdir/
-
- clients can also create channel encryption temporarily
- by submitting passwords to urcd.
- e.g.:
-
- /JOIN #channel password
- /MODE #channel +k password
-
-urcd PASS command (prototype, subject to change):
- remote clients can set or override URCSIGNSECKEY and/or
- URCCRYPTOBOXSECKEY by sending NaCl secret keys to urcd in
- hexadecimal format using the PASS command. there are three
- acceptable formats:
-
- 0.) a 128 byte key will set URCSIGNSECKEY only.
-
- 1.) a 64 byte key will set URCCRYPTOBOXSECKEY only.
-
- 2.) a 192 byte key will set URCCRYPTOBOXSECKEY using the first
- 64 bytes, and set URCSIGNSECKEY using the last 128 bytes.
-
hub2hub:
test -e /services/urcd-hub0/ || ./bin/add-urchub
- ./bin/add-urcstream2hub /service/urcd/socket/ /service/urcd-hub0/socket/
./bin/add-hublisten your.urcd.ano 6789 /service/urcd-hub0/socket/
./bin/add-hubconnect peer.urcd.ano 6789 /service/urcd-hub0/socket/
CryptoServ (requires NaCl):
- # stdin.cryptoserv will create cryptoservroot/urcsigndb
- # cryptoservroot/urccryptoboxdir, and cryptoservroot/urccryptoboxpfs
- # and point env/URCCRYPTOBOXDIR, env/URCCRYPTOBOXPFS, and
- # env/URCSIGNDB accordingly.
-
ln -s stdin.cryptoserv stdin
-
-urc2sd:
- #urc2sd follows a similar convention as urcd by using a format
- #that distinguishes signed messages from nonverified messages.
- #i.e: signed messages appear as: "nick!sign@server> msg",
- #while nonsigned messages appear as "nick!urcd@server> msg".
- #urc2sd filters traffic coming from the urc network reliably
- #this way by using the ban and except masks set by the chanops
- #on the the ircnet's channels.
-
- mkdir -p /services/urc2sd
-
- ln -s `pwd`/urc2sd /services/urc2sd/urc2sd
- ln -s `pwd`/ucspi-client2server /services/urc2sd/ucspi-client2server
-
- # default
- ln -s `pwd`/run.urc2sd /services/urc2sd/run
-
- # tor
- ln -s `pwd`/run.urc2sd-tor /services/urc2sd/run
- ln -s `pwd`/ucspi-socks4aclient /services/urc2sd/ucspi-socks4aclient
-
- printf $addr > /services/urc2sd/addr
- printf $port > /services/urc2sd/port
- printf '/services/urcd-hub0/socket/' > /services/urc2sd/path
- printf 'urcd' > /services/urc2sd/nick
- printf '#channel' > /services/urc2sd/channels
-
- touch /services/urc2sd/auto_cmd
-
- ln -s /services/urc2sd /service/urc2sd
-
-POLICY and ISUPPORT:
- these values are filenames inside env/ and contain different types of data.
-
- IDLE:
- integer argument with a default of 2048 seconds. this value dictates how long
- remote clients can idle before their presence is dropped.
-
- PING:
- integer argument with a default of 16 seconds. this value dictates the ping
- intervals to a client, and the amount of time a client has to perform
- a connection. if PING is activated and the client doesn't respond within
- the specified time before TIMEOUT, the client is dropped. a 0 value will
- disable this feature.
-
- URCDB:
- default is empty. adding a /path/to/urc.db will tell urcd where to store a
- database. the database stores information from the network. this prevents
- losing this information between connections. (security) set chmod 600 on
- this file after it is created. e.g.: /topic, /names, and /list.
-
- WARNING:
- using this option on public urcd's, or sharing a database from a private
- urcd can reveal /topic, /names, and /list to unprivileged clients.
-
- FLOOD:
- integer argument with a default threshold of 8. every write to the network
- by a client increments the flood counter. if the flood counter breaches the
- threshold the client will lose ability to write to the network until the
- counter returns below the threshold value. a 0 value will disable this
- feature.
-
- LIMIT:
- float argument default is 1.0. this is the maximum rate in which a client
- can write to the network.
-
- EXPIRY:
- integer argument with a default of 32 days. this is how long a CryptoServ
- account has until it is deleted from inactivity. setting this value to 0
- will disable account expirations.
-
- COLOUR:
- integer default is 0. changing this value to 1 will allow colour encoding
- to pass to the client.
-
- UNICODE:
- integer default is 0. changing this value to 1 will allow unicode encoding
- to pass to the client.
-
- NICKLEN:
- integer default is 32. this is the maximum byte length of acceptable nick's
- on the network.
-
- TIMEOUT:
- integer default is 256. this value represents the allowed time a client
- can remain silent before their connection is dropped. this value also
- represents how often URCDB is synchronized if enabled.
-
- PRESENCE:
- integer default is 0. changing this value to 1 will announce JOIN, PART,
- and QUIT messages from the client to the network.
-
- TOPICLEN:
- integer default is 512. this is the maximum byte length of acceptable
- topics.
-
- CHANLIMIT:
- integer default is 64. this value represents the maximum amount of channels
- and the maximum amount of users that can participate in channels.
-
- CHANNELLEN:
- integer default is 64. this value represents the maximum byte length of
- channels on the network.
-
- PADDING:
- integer default is 255. this value represents the block sizes of encrypted
- packets. setting a 0 value will disable this feature, however it is not
- recommended.
-
- BROADCAST:
- integer default is 0. setting this value to 1 enables UDP broadcasts in
- urc-udpsend and urc-udprecv.
-
-logging URC services:
- mkdir -p /path/to/urcd-service/log/
- ln -s run.log /path/to/urcd-service/log/run
- supervise /path/to/urcd-service/log 2>/dev/null & disown
- sleep 4
- svstat /path/to/urcd-service/log
- svc -t /path/to/urcd-service/
diff --git a/doc/URC b/doc/URC
--- a/doc/URC
+++ b/doc/URC
@@ -47,6 +47,12 @@ Advantages
correct keys can discover this information. By default, all
encrypted packets are padded to protect against other side channels.
+- TAIA96N is resistant to side channels by using random labels that
+ fall within a time parameter. This allows URC to require minimal
+ cache requirements for reliability and efficiency and prevent
+ the reusage of old messages (Replay Attacks) without compromising
+ a users time information. Admins should use accurate clocks.
+
- Security is priority - URC is written in a small amount of open
source C and Python code. URC daemons only function inside of a
chroot jail with only the privileges necessary to run. URC supports
-----END OF PAGE-----
-- Response ended
-- Page fetched on Sun Jun 2 17:34:31 2024