[vworld-tech] Ultimate MMO Platform
Crosbie Fitch
crosbie at cyberspaceengineers.org
Mon Apr 12 11:31:09 PDT 2004
> From: J C Lawrence
>
> Trust need not be historical. It can be pseudo-realtime
> through sanity and cross-checks of current events.
I don't really think that's trust though; I think that's just being 'well behaved'.
Trust is saying "I have noticed that my dealings with node X have been well behaved in all my previous dealings with node X, therefore I am prepared to risk more with node X than with other nodes that I have had fewer previous dealings with - (on the assumption there is only one node that can have the name X)".
> The problem is that it is (generically) impossible to tell the
> difference between a secret key and a compromised key.
Sure. I agree.
But (assuming addressability) you should be able to detect the same identity being used by two addresses.
> NodeA registers with identity X, and key Y and proceeds to use that
> arrangement.
>
> NodeB proceeds to also use identity X and key Y, but doesn't register.
>
> How do you detect this?
Registration is made with the 'system'. If there is a dynamic hierarchy of responsibility (which also passes word of identity), then existence of identities can be passed up this hierarchy such that sooner or later, if an identity is being used twice, it will collide with its doppelganger.
If NodeX is dealing with NodeB, NodeX can tell its parent "I'm dealing with identity X on address AddrB". If identity X has already registered on a different address then as this news passes up the hierarchy, eventually there'll be X on AddrA and X on AddrB.
Naturally, if there is only one identity, it can make a well behaved change in its address if necessary (if behind NAT say). The anomaly occurs when there are two distinct entities simultaneously claiming/reporting the same identity.
The fact that false identity can generally only be detected when the identity is duplicated means that either people leave their machines on all the time, or the identity code (public key) is invalidated on disconnect, and a new code generated on reconnect.
Let's say node X knows five other nodes A-E. They all exchange public keys. Node A knows X is X because only X is able to decrypt messages A sends it using X's public key. Nodes A-E can also send X secrets using X's public key whilst X is online, such that after X has disconnected and X' reconnects, Nodes A-E can challenge X' to return the secrets they sent X. If X' is actually Y, then Y will only be able to do this if it not only knows X's private key, but also monitored communications between X and A-E (or Y is a snapshot of X).
If Y is able to replicate X, then Y will succeed as an imposter of X until X' appears.
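
The duplicate-identity check described in the message above, as an added sketch that is not part of the original post: sightings of an identity are passed up a hierarchy until two different addresses for it meet. `Node`, `report` and `move` are hypothetical names, and the sketch assumes each node keeps one live address per identity and that an address change is announced from the old address.

```python
# Added illustration, not from the original post. Node, report and move are
# hypothetical names. Assumption: each node keeps one live address per identity.
class Node:
    """One level in the hierarchy of responsibility."""

    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.seen = {}        # identity -> address believed live
        self.collisions = []  # (identity, known_addr, new_addr) caught here

    def report(self, identity, addr):
        """Record "identity is in use at addr" and pass the news upward.

        Returns the name of the node where the two claims met, or None.
        """
        known = self.seen.get(identity)
        if known is not None and known != addr:
            self.collisions.append((identity, known, addr))
            return self.name
        self.seen[identity] = addr
        return self.parent.report(identity, addr) if self.parent else None

    def move(self, identity, old, new):
        """Well-behaved address change (e.g. behind NAT), assumed to be
        announced by the single holder from its old address."""
        if self.seen.get(identity) == old:
            self.seen[identity] = new
        if self.parent:
            self.parent.move(identity, old, new)


def demo():
    # Constructed topology: two leaves under different branches of one root.
    root = Node("root")
    west, east = Node("west", root), Node("east", root)
    p1, p2 = Node("p1", west), Node("p2", east)
    first = p1.report("X", "AddrA")   # NodeA registers identity X
    again = p1.report("X", "AddrA")   # repeat sighting, same address
    clash = p2.report("X", "AddrB")   # NodeB uses X without registering
    return first, again, clash, root.collisions


if __name__ == "__main__":
    print(demo())
```

The clash surfaces at the lowest node that has heard both claims, which in the constructed topology is the root; two claimants under the same leaf would be caught at that leaf.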