[MUD-Dev] Trusting the client, encrypting data
elanthis at awesomeplay.com
Thu Dec 18 13:32:49 New Zealand Daylight Time 2003
On Thu, 2003-12-18 at 10:31, Felix A. Croes wrote:
> Sean Middleditch <elanthis at awesomeplay.com> wrote:
>> The problem is, encrypting is pointless. Encryption stops the
>> data from being read/modify by someone between the two trusted
>> parties. If you're running the client on the user's machine,
>> tho, then that machine is one of the trusted parties - but you're
>> trying to stop the user of that machine from reading the data;
>> i.e., you're automatically assuming that the person you're trying
>> to stop from getting the data is a trusted party.
> It's funny how everyone (?) has misunderstood Ola's posting. He
> was not talking about creating a secure channel to the client, but
> about occlusion. This has been discussed on the MUD-Dev list
> before, at least I think that's where I picked up the idea years
> The point is not to have the server encrypt data which the client
> immediately decrypts. Rather, the server sends encrypted data
> that even the client does not have the key for. The idea is not
> to hide data from snoopers, but from the client itself.
Ah, yes, I did misinterpret. My apologies.
Sean Middleditch <elanthis at awesomeplay.com>
AwesomePlay Productions, Inc.
MUD-Dev mailing list
MUD-Dev at kanga.nu
More information about the MUD-Dev