Author Topic: GPG and saved characters  (Read 804 times)

Legacy_Rolo Kipp

GPG and saved characters
« on: October 17, 2011, 05:58:45 pm »


<giving the Twins...>

One of the problems with character import has always been whether they are "legal" (in terms of whatever ruleset your server uses) or not. One of the possible solutions we discussed a VLTA (very long time ago) was PGP (or Gnu Privacy Guard) - adding signatures to saved characters.  While this would not in itself verify the character's integrity, it would verify the *Player's* identity.

That is, if player W:char X played with me and I trust him and refer him to DM Y, DM Y could verify the public key (player W's) *I* send against X's sig and know he came from player W.  
Conversely, I could sign char X with *my* sig and DM Y would know char X is unchanged from when *I* released him... In fact, I could do both. Then it's just a question of who you trust ;-)

[edit: I'm talking about distributed authentication rather than a central, critical authentication]

I have seen nothing recent about any such <hairbrained> schemes.  

The Question: Has anyone explored GnuPG or PGP for verifying or referring players' characters between servers?

<...one key each>
               
               

               


Edited by Rolo Kipp, 18 October 2011 - 04:32.
                     
                  


            

Legacy_FunkySwerve

GPG and saved characters
« Reply #1 on: October 20, 2011, 04:21:41 am »


I'm posting a reply only because no one else has yet, and because I'm not sure anyone else will. I have no experience with either system you mention.

My own take on this is that it should be automated, to prevent human bias from entering into the mix. That would be, of course, more difficult. Instead of simply having one client verification script, you would need one per server, unless the servers all had the same rules and custom content concerning feats, skills, class combos, and the like. Of course, much deviation, and characters from one server are going to have disproportionate power to those from other servers, in all likelihood, so maybe it isn't such a huge issue at all.

You could use a unique id system, placed in the character's Tag field, to identify their server of origin, and whatever rulesets might be applicable. In all likelihood, you would also need an item verification system as well. Both of those systems would require information to be stored on the bic where potential exploiters would have access to it, unless all the servers in question are sharing a SQL database - and it sounds like they aren't, based on your remarks about distributed authentication. That being the case, you would likely need a database item of some kind on the character, with encrypted variables on it storing information about the names, tags, resrefs, and so on of the items the character has and their statistics. SQL offers encryption sufficient to thwart anyone likely to attempt to game the system, but all servers would need access to SQL in order to make use of the encryption functionality. You can find information on the encryption functions here:
http://dev.mysql.com...-functions.html

Alternatively, there is a NWNX plugin called vaultster, if you want to run things by servervault, which transfers bic files between servers, so that player credibility doesn't enter into the equation. You can find it here:
http://www.nwnx.org/...light=vaultster

Hope that helps some, despite not answering your question.

Funky
               
               

               
            

Legacy_Rolo Kipp

GPG and saved characters
« Reply #2 on: October 20, 2011, 07:48:38 pm »


<looks relieved...>

Thank you, FS. That does help, particularly in some other things I'm thinking about.

Re: Distributed authentication & GPG, this is more of a meta authentication on the player level (validation that the character belongs to player W) and character (validation that the character came from server X and has not been tampered with since), rather than checking the legality of the player.

We are all too individualistic to submit meekly to another server's ideas of what is proper and not :-/

The purpose of this would be to provide a community-based authentication protocol to replace the missing MP authentication, and to provide handles for tracking & sharing tools (if that makes sense).

The old idea was to use "local" server vaults, but to allow migration of characters between them using server-side encryption/signature. Black & white lists could be compiled specific to any particular server/group of servers and unknowns would be handled as unknowns.

Yes, it should be automated and transparent to the player. When he makes his first character on one of the community servers, he is set up with (client-side) his private key and the public key is stored on the server. If he moves his character to another server, the character file is signed by the server and then the player. This validates the character belongs to player W and last played on server X. It's up to the new server to decide what level of trust/compatibility to give players from server X and whether player W's characters are treated as complete unknowns or allowed more privileges (levels, items, feats, etc.).

Hmmm, rambling again. Sorry. :-)

It's something I'll be thinking about.  I still believe in the Gemworlds concept :-) Call me stubborn.

<...that he hasn't gone deaf>
               
               

               


Edited by Rolo Kipp, 20 October 2011 - 06:50.
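
The flow described in the posts above (server X signs the character file, then player W signs it, and the receiving server checks both) can be tried with detached GnuPG signatures. This is an added example, not code from any poster in the thread; it assumes GnuPG 2.1 or later on the PATH, and the key names, addresses and file contents are constructed.

```shell
#!/bin/sh
# Added example: detached GnuPG signatures over a character file.
# Keys live in a throwaway keyring; every name and value here is constructed.
WORK=$(mktemp -d)
GNUPGHOME="$WORK/gnupg"; export GNUPGHOME
mkdir -m 700 "$GNUPGHOME"
cd "$WORK" || exit 1

# make_key <user id>: create an unprotected signing-only test key, print its fingerprint.
make_key() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key "$1" ed25519 sign never 2>/dev/null
    gpg --batch --with-colons --list-keys "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

# sign_as <fingerprint> <file> <sigfile>: write a detached signature.
sign_as() {
    gpg --batch --yes --quiet --local-user "$1" --output "$3" --detach-sign "$2"
}

# signed_by <fingerprint> <sigfile> <file>: succeed only if the signature is
# valid AND was made by the expected key. A bare "gpg --verify" succeeds for
# any key in the keyring, so the VALIDSIG status line is matched as well.
signed_by() {
    gpg --batch --status-fd 1 --verify "$2" "$3" 2>/dev/null |
        grep -q "^\[GNUPG:\] VALIDSIG $1 "
}

# accept_character <server fpr> <player fpr> <file>: the receiving server's check.
accept_character() {
    signed_by "$1" "$3.server.sig" "$3" && signed_by "$2" "$3.player.sig" "$3"
}

SERVER_X=$(make_key 'Server X <serverx@example.invalid>')
PLAYER_W=$(make_key 'Player W <playerw@example.invalid>')
PLAYER_Z=$(make_key 'Player Z <playerz@example.invalid>')

printf 'constructed stand-in for a .bic file: char X, level 12\n' > charx.bic
sign_as "$SERVER_X" charx.bic charx.bic.server.sig   # server X signs on export
sign_as "$PLAYER_W" charx.bic charx.bic.player.sig   # then player W signs

accept_character "$SERVER_X" "$PLAYER_W" charx.bic && echo "accepted: char X, player W, server X"
accept_character "$SERVER_X" "$PLAYER_Z" charx.bic || echo "rejected: not signed by player Z"
printf 'level 40\n' >> charx.bic                     # file edited after signing
accept_character "$SERVER_X" "$PLAYER_W" charx.bic || echo "rejected: changed after signing"
```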