thekey wrote: Ok, I understand the point of this, but still don't know why I need some certificate (for example from CACert.org) for my IRCd. Is there any difference between connecting without some certificate and connecting with it? Is the encryption then different?
SSL is more than just encryption. SSL provides identity verification. Let me try to explain it this way. You go click on a link which takes you to somebank.com and it says it uses SSL. You immediately assume "it's encrypted, I'm safe." However, as it turns out, this link didn't really take you to somebank.com, it took you to hackersite.com/somebank which is set up to look very much like somebank.com. Now, given flaws in many browsers, this fact can be hidden from you. But, not with SSL. With SSL, the certificate will show that hackersite.com does not match somebank.com. Therefore, it will reject the certificate as forged.
The idea is, it proves you are who you say you are. So where does CACert (and other CAs) fit in? They do the verification. They are considered a "trusted" third party. It uses a "network of trust" type system. For example, I trust CACert, and you trust CACert. CACert says "He really is codemastr" and they also say "He really is thekey." Now since we both trust CACert, it means that you believe I really am codemastr, and I believe you really are thekey. Therefore, CACert has proven we are who we said, and therefore we can trust each other.
Without a certificate, the identity verification is impossible. A certificate is basically your digital fingerprint, it proves your identity. If you don't have this fingerprint, then no one can know for sure who you are.
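The name check described in the reply above, as an added example that is not part of the original post: after a client has validated the CA signature, it compares the host it meant to reach with the names inside the certificate. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, `irc.example.net` is a placeholder name, and the wildcard handling goes slightly beyond the somebank.com case in the post.

```python
# Added illustration: the hostname check a TLS client runs AFTER the CA
# signature on the certificate has been validated. A trusted signature alone
# only says "some CA vouched for this name"; this step asks "is it the name
# I was trying to reach?"

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive, label by label.
    A wildcard is accepted only as the entire leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):          # a wildcard never spans more than one label
        return False
    if p[0] == "*":
        # Refuse overly broad patterns such as "*.com"
        return len(p) >= 3 and h[0] != "" and p[1:] == h[1:]
    return p == h

def cert_matches_host(cert: dict, hostname: str) -> bool:
    """Check the DNS entries of subjectAltName only; this sketch, like
    current clients, does not fall back to the commonName field."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(dns_name_matches(name, hostname) for name in sans)

# Constructed sample: a certificate legitimately issued to the look-alike site.
LOOKALIKE_CERT = {
    "subject": ((("commonName", "hackersite.com"),),),
    "subjectAltName": (("DNS", "hackersite.com"), ("DNS", "www.hackersite.com")),
}
# Constructed sample: a wildcard certificate for an IRC network's servers.
IRC_CERT = {"subjectAltName": (("DNS", "*.irc.example.net"),)}

def verdict(cert: dict, intended_host: str) -> str:
    return "accept" if cert_matches_host(cert, intended_host) else "reject"

if __name__ == "__main__":
    for cert, host in [(LOOKALIKE_CERT, "somebank.com"),
                       (LOOKALIKE_CERT, "hackersite.com"),
                       (IRC_CERT, "hub.irc.example.net"),
                       (IRC_CERT, "irc.example.net")]:
        print(f"{host:22} -> {verdict(cert, host)}")
```

In real clients this comparison is done by the TLS library itself when verification is enabled, for example Python's `ssl.create_default_context()` sets `check_hostname = True`.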