[MUD-Dev] Trusting the client, encrypting data

Sean Middleditch elanthis at awesomeplay.com
Thu Dec 18 13:32:49 New Zealand Daylight Time 2003

On Thu, 2003-12-18 at 10:31, Felix A. Croes wrote:
> Sean Middleditch <elanthis at awesomeplay.com> wrote:
>> The problem is, encrypting is pointless.  Encryption stops the
>> data from being read/modify by someone between the two trusted
>> parties.  If you're running the client on the user's machine,
>> tho, then that machine is one of the trusted parties - but you're
>> trying to stop the user of that machine from reading the data;
>> i.e., you're automatically assuming that the person you're trying
>> to stop from getting the data is a trusted party.
> It's funny how everyone (?) has misunderstood Ola's posting.  He
> was not talking about creating a secure channel to the client, but
> about occlusion.  This has been discussed on the MUD-Dev list
> before, at least I think that's where I picked up the idea years
> ago.
> The point is not to have the server encrypt data which the client
> immediately decrypts.  Rather, the server sends encrypted data
> that even the client does not have the key for.  The idea is not
> to hide data from snoopers, but from the client itself.

Ah, yes, I did misinterpret.  My apologies.

Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.
MUD-Dev mailing list
MUD-Dev at kanga.nu

More information about the MUD-Dev mailing list