No subject

Wed Mar 11 18:56:50 EDT 2009

assumption that many players will prefer unranked servers. Personaly I do
not believe this. Give people rank and stats, and they go crazy. And when
you add the fact that rank will unlock weapons for you, well, go figure.

First I was reading on the various game sites statements about the unlocked
weapons not being more powerful, only different. Then I read this preview
of a clan trying out the game at Dice's in Sweden:

> I had serious problems adapting to the M16, it lacked the ability to
> shoot in full-automode and I hated it. I almost felt like hanging myself
> when a Chinese soldier killed me for the twentieth time with hill fully
> automatic AK. A big fat curse rolled over my lips. Ironically the programmer
> who was responsible for weapons balancing was right behind me. When I realised
> my reaction he calmly told me that you would be albe to select another gun
> when I got a certain score. Phew, what a relief. I guess when I'm US I'll go
> defend some flags until I'm awarded enough points to switch guns in the assault class.

Now, I guess it's time to insert a disclaimer here. From here on and out
I will assume that "certain score" refers to the official rank score, and not
the player's score during that round on the current map. I will also assume that
server operators can't turn unlocking of weapons - and other features that are
used as rewards in the ranking system - off. I'll be one happy server operator
if I'm wrong, but right now, I'm assuming I'm not. With that said:

This is a community server killer! Which again is a community killer! Because
this will *surely* guarantee that *everyone* will prefer ranked servers, and
the non-ranked community servers will be left out...

This is bad for the community, and I am also pretty sure it is bad for Dice
and EA in the long run. And "the long run" might easily be as soon as this fall,
when BF2 is out of the news, and left to the communities to be kept alive.

So first of all, Andreas, could you please release the "specs" of the ranking
system, so we could comment on the choises you guys have made. Since this is
something that have the potential to greatly affect the communities, I think
it's only fair to give us some facts, and hear us out on our comments.

But since we allready know about locking of weapons, and since I now assume
that the M16 rifle is locked to single-shot until you reach a certain rank
point threshold, I will say this: I thinks this is madness! This is creating an
uneven battlefield that is newbie hostile. And furthermore it will, as I said
earlier, allmost certainly guarantee that anyone serious about their BF2 gaming
will restrict their playing to ranked servers. Everybody wants the juiciest
weapons! Top that with the competitivness of gamers matched with the ranking
system, and I'm sure my claim holds.

So what I'm getting at, as a server operator and one of the four "board members"
of the biggest battlefield community in Norway,, is that I have
grave concerns about how the ranking system in BF2 will affect our community.

I was hoping BF2 would be a great boost for us, and we're working hard (even with
EA Norway) to get people exited about BF2. We're planning expensive server
purchase for kick-ass servers to be put on kick-ass one-hop-from-the-backbone pipes.
We're so exited about BF2 that we're close to pissing our pants, and we're hoping
we can build a big, vital and friendly BF2 community, where we can all have fun!!

But if BF2, out of the box, is designed and set up in such a way as to marginalise
community servers, and hence communities, I'm afraid my dreams will come crashing
down on me. So I'm literaly begging you: Help us find a solution here!

All this might seem a bit dramatic. But I feel it is! Maybe not for my beloved, since we might actually get to run ranked servers. But the global
BF community is mostly put together of small communities of clans running public
servers, and they will not be able to run ranked servers. At least not until Dice
find a way to allow ranking on all servers. And I suppose BFV showed with all clarity
what may happen to a game that has serious issues that aren't addressed VERY QUICKLY.

I know you are trying to figure out a way to do it, Andreas. And I know Dice has
lots of competent programmers. But just so that I'm not just pissing and moaning
here, I'll include some thoughts I've had on how you might go about solving the
ranked server issue. Use them for inspiration if you like, or trash them as garbage.
Just - please - solve this issue as quickly as you can :-)

Problem: Secure collection of ranking data from BF2-servers
Proposal: Attacking the problem using public key cryptography

NB: This is just my first thoughts, and they have not been structured or refined!

General assumption: EA wants to make it a server operator's choice to
enable ranking on a game server or not. They also prefer to distribute
only ONE set of server files, not two. They are also willing to build
a system where server operators can register their servers, in order
to collect and communicate ranking data from the game servers to the
EA ranking servers.

Collection and transmission of rank data:

1. Collection of rank data:
a. Collect ranking data into some data structure during a game round.
b. Serialize, compress and encrypt the data (using an "EA pub key") upon round completion.

NB: This can also be done at low priority, while the next round starts.

Assumption: The threat model does not include server operators hacking
into the server memory, and altering the rank data structure. (And this
is a sound assumption I would argue.)

2. Transmission of data:
a. Sign the encrypted ranking data using the server's private key.
b. Trickle the encrypted data to an EA server during the following round.


Actions by server owner:

1. Preparations:
Generate a public key pair, and store them in some files somewhere.
Keep the private key secret! 

Comment: This would not pose a problem for most server operators,
and actually it wouldn't compromise the ranking system if a server
operator publically announced his private key. It would only mean
that that server could not be uniquely identifiable any more, if the
operator also announced his account id. This would still not compromise
the ranking as such. The point of the server operator's private key
is only to identify him.

2. Register servers:
a. Register an account with EA.
b. Get an account id.
c. Register the game server(s).
d. Exchange public keys.

3. Setting up the server:
a. Insert account id into config file.
b. Put the "EA public key" you got from the EA site in a file somewhere.

Comment: The point of this is to let EA have some track on who is contributing
to the ranking system. This is great in many ways. It let's EA identify the
biggest (and most valuable) communities, and it also gives EA the opportunity
to implement the rank-logging in such a way that ranking points from spesific
servers (and communities) might be revoced completely, if EA suspects foul play.
The encryption with the "EA public key" while the ranking stats are still in
memory, assures that the server operator can't tamper with the ranking points
unless he writes a tool that alters that data structure in the servers memory.
And this is hardly a probable attack, in my oppinion.


Simple protocol proposal:

Assume you have a blob of compressed ranking data that you need to
transmit it to an EA ranking server:

1. Encryption of the ranking data on the game server:
a. Query EA for an encrypted, timestamped id.
b. Wrap the packet from EA with the compressed ranking data.
c. Encrypt the whole thing using the "EA ranking public key".

2. Signing of the ranking data on the game server:
a. Wrap the server's account id together with the "EA packet" from 1.a and
a hash of the encrypted ranking data.
b. Encrypt (sign) this "header" with the server's private key.
c. Wrap the signed header and the encrypted ranking data into some structure,
and transmit to en EA ranking server.


Ok, very unpollished. I haven't had time for that. I hope you guys can
make something out of this, and pitch in with ideas. If it is requested,
I'll gladly create a more structured and detaild documentation of my
suggestion, if it is wanted.

Well, I've written enough to publish a novel by now, so I guess it's time
to sign off. I'll keep my fingers crossed that a solution will surface...


 Name: Frode Hommedal
 Location: Norway
 Day job: VLSI designer and programmer
 Site: [ ]
 International Game Server Operators Association [ ]

More information about the bf1942 mailing list