Securing DCC connections

The problem

Here we touch something that is not very much secure: DCC. DCC (Direct Client Connection) is a direct connection between two users who are connected to an IRC server. DocSynch uses DCC to quickly transfer the documents when a new user joins (the initial version of a document).

If a file is sent via DCC, it is not encrypted. Therefore this is a security hole. There are two things which ease this problem:

  • Every DCC connection is started by information passed over the IRC server. If your IRC connection is secure (see Section , “Securing IRC connections”) this information cannot be seen. Each DCC connection is transferred via a different port.

  • A typical text file is quickly sent over DCC and thus the connection time is very short.

You have to make the decision for yourself.

A workaround

Hang on, there is a little workaround for this problem: avoid DCC transfers. Set up a secure IRC connection and do the following:

  1. Before you start the session as master, make sure you do not have any documents added.

  2. Let all other users join. Do not join at a later time, cause this will trigger a DCC transfer of the current documents contents.

  3. Now add empty documents and add the content from the real files via copy and paste. Note: this might take a long time, cause the flood protection will delay long inserts.

  4. Again, do NOT join during the session. If you have to, the master must remove all documents from the session before you join, and add them after your join via copy and paste.

Maybe there will be a feature added to DocSynch in the future, which encrypts files before they are sent via DCC.