[MUD-Dev] strong encryption for authentication

J C Lawrence claw at 2wire.com
Fri Jul 13 20:30:52 CEST 2001


On Wed, 11 Jul 2001 20:29:12 -0700 
Caliban Tiresias Darklock <caliban at darklock.com> wrote:
> On Wed, 11 Jul 2001 09:35:39 -0400, Edward Glowacki
> <glowack2 at msu.edu> wrote:
>> Quoted from Caliban Tiresias Darklock on Tue, Jul 10, 2001 at
>> 08:16:52PM -0700:

> Then the people who engage in real-world transactions should apply
> what they consider an appropriate level of security. But the game
> itself is... well, a GAME. 

Which assumes that life is not a game.

> It's not a business transaction. 

Which assumes that games do not enclude business.

> Should my MUD support credit card transactions and escrow
> arrangements with shipping calculations because someone may want
> to buy someone else's character? I don't think so. That's not part
> of the game.

More subtly, it could be, and it could be interesting if it were.

> Which is, essentially, a CHAT ROOM. Is this rocket science or
> something?  Why don't chat rooms encrypt? 

Actually, several do.  Crypto supports are among of the reasons that
Jabber and (slightly more particularly) Gale are getting commercial
attention.

> Well, because there's no good reason for it. Which is pretty much
> what I've already said.

PKI problems aside there a large perceived value for venues which
offer some level of guarantee that the parties participating are
either who they say they are, or that they can be resolved into a
unique human without significant effort.  Crypto plays a basic role
in those interests.  While not wishing to cite money or venture
capitalists as the arbiters of wisdom or technical correctness:
cheques containing multiple commas are bing waved at the area.

>> You mentioned business conferences, which could be something you
>> are able to have within one of these virtual environments.

> And which are already supported by very nice business-oriented
> applications which are compatible with any number of encryption
> standards. What self-respecting business would conduct a sensitive
> meeting on a public server anyway?

A few of reasons come to mind:

  1) Why assume a public server?

  2) Because they can (its often a compelling reason)

  3) Because often the best secrecy is accomplished in public
  places (which arguably the crypto supports degrade).

>> Why *not* just start encrypting everything?

> Because there's no good reason for it.

At the applications specific VPN level there's considerable good
reason for it administratively.  The fact that crypto comes along
from the ride and offers various levels of risk reduction and
containment for an amortisable expense in PKI infrastructure goes a
long way towards making it compelling.

>>> So I'd pose this question, to which I would honestly like to
>>> hear the answer: what *possible* reason have you identified as a
>>> compelling justification for encryption? Because I really
>>> couldn't think of anything. Did I miss something?

>> There are lots of good reasons to encrypt, see above.

> No there aren't. ;)

Crypto has relatively few first order benefits.  Most of the first
order deltas are quite negative.  Its when you get out to the second
and third order effects that the real values start coming in.

> So far, you've pegged three potential problems.

> 1. People could be spied on.  2. People will want privacy.
> 3. People may engage in RL commerce.

> My response to these three situations is:

All three cases leave the game world as the single shared item as
well as the most attractive and leveragable compromise target.  I
don't like the design model of placing your base operation systems
as the most attractive attack target.  It makes for sleepless and
twitchy SysAdms.

--
J C Lawrence                               ("`-''-/").___..--''"`-._         
---------(*)                                 `6_ 6  )   `-.  (     ).`-.__.`)
claw at kanga.nu                               (_Y_.)'  ._   )  `._ `. ``-..-'  
http://www.kanga.nu/~claw/                _..`--'_..-_/  /--'_.' ,'         
I never claimed I was human             (il),-''  (li),'  ((!.-'           
_______________________________________________
MUD-Dev mailing list
MUD-Dev at kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev



More information about the mud-dev-archive mailing list