Speaking of GUID.. a friend of mine (at my request) is working on a secure GUID patch for Tremulous (and he's apparently designed the patch in a way that it can be ported to any game)<br><br>Admin GUID's can optionally be associated with a public key on the server. At connection the server and client will launch a separate 'authentication' thread ..The server immediately sets verifiable GUID's to XXXX and sends a cryptographic challenge to the client, the client signs and returns it at which time the server set the GUID back and flags it as 'verified'. This is (IMHO) a much better solution than TJW's 'different GUID on every server' -- You can have the same GUID and public key everywhere, but a hostile server owner or network sniffer can't use that to pretend to be you on other servers. <br>
<br>I tried to design the scheme to be backward-compatible too. Older servers don't send the challenge and the new client behaves as normal. Older clients can continue to use an unverified GUID, server owners can decide if they want only verifiable GUID's to have admin. <br>
<br>I'm not sure how we're handling the initial key generation and exchange yet, I'll have to ask James. It probably won't be automatic unless he's found a way of doing that too..<br><br><div><span class="gmail_quote"><br>
On 19/03/2008, <b class="gmail_sendername">G</b> <<a href="mailto:bougard.g@gmail.com">bougard.g@gmail.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Thank you for your response.<br> <br> I checked it a little and it looks pretty. I will review it in depth<br> before hacking VSP.<br> <br> Le dimanche 16 mars 2008 à 12:46 +0000, Ben Millwood a écrit :<br> <br>> I believe tremstats (<a href="http://www.dasprids.de/programs/tremstats">http://www.dasprids.de/programs/tremstats</a>)<br>
> recently added GUID tracking.<br> ><br> > On Sun, Mar 16, 2008 at 10:39 AM, G <<a href="mailto:bougard.g@gmail.com">bougard.g@gmail.com</a>> wrote:<br> > Hi,<br> ><br> > just to be consistent with the enhancement I just propose (see<br>
> <a href="https://bugzilla.icculus.org/show_bug.cgi?id=3570">https://bugzilla.icculus.org/show_bug.cgi?id=3570</a>).<br> ><br> > I know about and I hacked a little VSP to support Smokin'Guns<br>
> (previously known as WesternQ3). That product can support<br> > players GUID<br> > and I need some little work to let it support GUID for Q3.<br> > Also I think<br> > VSP is not intended to be hacked as its code is obfuscated...<br>
> but I did<br> > not found any legal mention about that.<br> ><br> > So just few questions before I lost my time ;P : do you know<br> > about<br> > product managing game statistics with GUID support ? Did such<br>
> a kind of<br> > work still have been done for any kind of Q3 mod ?<br> ><br> > Thanks all<br> ><br> ><br> > ---<br> > To unsubscribe, send a blank email to<br>
> <a href="mailto:quake3-unsubscribe@icculus.org">quake3-unsubscribe@icculus.org</a><br> > Mailing list archives:<br> > <a href="http://icculus.org/cgi-bin/ezmlm/ezmlm-cgi?50">http://icculus.org/cgi-bin/ezmlm/ezmlm-cgi?50</a><br>
><br> ><br> <br> <br> <br> ---<br> To unsubscribe, send a blank email to <a href="mailto:quake3-unsubscribe@icculus.org">quake3-unsubscribe@icculus.org</a><br> Mailing list archives: <a href="http://icculus.org/cgi-bin/ezmlm/ezmlm-cgi?50">http://icculus.org/cgi-bin/ezmlm/ezmlm-cgi?50</a><br>
<br> <br> </blockquote></div><br>