[MUD-Dev] PGP confusions hopefully resolved (was: collecting ideas ...)

Wesley W. Terpstra terpstra at iota.dhs.org
Thu Dec 23 04:40:26 CET 1999 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

There has been much confusion on what I was talking about with respect to
using pgp for player certificates. I was, admittedly, exceeding unclear in
my original post. Now, after discussion, I have the ideas all straightened
out and would like to clear up confusion.

1 - I never intended to use this for encrypting anything. 
2 - I am storing all character information on the players system.
3 - The user never touches pgp himself.
4 - The client program never touches pgp itself.
5 - Only the servers (rings) use pgp.
6 - Servers verify character information integrety by checking the
signatutes on the stats and they may choose to accept stats signed by
other servers.

For a sketch of how this server-server trust works, see:
	Subject: PGP player certificates (was: collecting ideas...)
	Message-ID: <Pine.LNX.3.96.991222190724.836A-100000 at maul.sith.vpn>,

- ---

On Wed, 22 Dec 1999, Rahul Sinha wrote:

> > certificates about players so their characters can move from one
> > server to another w/o the two servers ever talking directly.
> servers talking is much better than trusting the client.  Clients can be
> reverse-engineered...

Yes clients can. However, this buys the hacker nothing. Because character
data is signed, they can not forge data. Because the server records the 
a hash of the last certificate issued, players cannot drop changes w/o the
server rejecting future connections.

On Wed, 22 Dec 1999, J C Lawrence wrote:

> PGP in this context purely establishes a "web of trust" and then a
> protocol for secure identification (ie auditable and to some extent
> guaranteed modulo key trust concerns).  In essence this is exactly
> the same thing SSH does with its public key authentication ala
> authorixed_keys, just using a PGP wrapper instead of SSH.

Yes, I am building a web of trust that I use only to verify data about
players. Yes, ssh is used to authenticate two initially untrusted entities
and then transmit encrypted traffic. Unlike ssh, the entities I have
communicating never trust each other.  They never even authenticate each
other (although this could be added). 

The only real trust in my system is server-server (ring-ring).

Users only trust the server to show them a good time and update their
character. They can reject a server's changes at the expense of never
reconnecting.

Servers only trust the user insofar as it can verify that the character
stats are from a reputable source.

On Wed, 22 Dec 1999, J C Lawrence wrote:

> His discussion of the weaknesses for Public Key Infrastructure also
> indirectly pertains to the recent idea of PGP's webs-of-trust among
> MUD servers:
> 
>   http://www.counterpane.com/pki-risks.html

I just finished reading this. I don't believe it applies to a web of trust
among MUD servers. There is no CA. It's every server for himself! Of
course, it's late and I could be missing it. :-)

- ---

This the last I am going to say about using pgp player info certificates
unless people are still interested. However, I get the feeling the
interest level for this system is not high on this list. :-)
I like it and will probably implement it or some derivation.

Now on to other things, like Christmas and reading JC's C&C & lockless
model.

- ---
E-mail: terpstra at interchange.ubc.ca        Host: iota.dhs.org
PGP key: hkp://wwwkeys.us.pgp.net/terpstra@interchange.ubc.ca
         http://www.iota.dhs.org/pgp-keys/terpstra.pgp

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Comment: Made with pgp4pine 1.71b
Charset: noconv

iQA/AwUBOGIYPqYi3MeZ5h2mEQJqmACeMNkv1pjCBz0TyQ8y/uIEpRhDqbQAn3H1
XwVBcoRUNpn5RrVSr93AB5hy
=7O6O
-----END PGP SIGNATURE-----




_______________________________________________
MUD-Dev maillist  -  MUD-Dev at kanga.nu
http://www.kanga.nu/lists/listinfo/mud-dev

More information about the mud-dev-archive mailing list