alientrap-forum-archives

[tundramagi]

Thanks for your constructive contribution alph'

Mikee, I'm not sure why you would be afraid of mitm in... nexuiz?! It's a game ffs, there's no sensitive data transfered there. Same thing for the chat... I believe there are places better than a game server to transmit confidential data.

The only thing I see that would benefit from encryption is rcon, but it's already protected, and is dependant from the main part of the protocol.

I want to be free to use nexuiz to transmit sensitive data.
Every other protocol has an SSL version. Nexuiz is the only thing I run that's in the clear (other than the few directories I have on the http server so people that don't like SSL can still dl map.)

One should always beable to transmit sensitive data without fearing who's watching. Every european country has things they throw on their hate-speech lists, every middle eastern country and asian country aswell. Rather than supporting the regimes that enjoy punishing their civillian peon subjects for what they say, nexuiz should mask that from prying eyes, or at least have the option to do so. Every other protocol has a version of itself that does just that.

[Mr. Bougo]

One should always beable to transmit sensitive data without fearing who's watching. Every european country has things they throw on their hate-speech lists, every middle eastern country and asian country aswell. Rather than supporting the regimes that enjoy punishing their civillian peon subjects for what they say, nexuiz should mask that from prying eyes, or at least have the option to do so. Every other protocol has a version of itself that does just that.

You're forgetting rcon2irc, clients in early connection stages which don't show up in the scoreboard but can see you talking, or admins watching their consoles or logs... If the protocol itself is flawed in terms of privacy, wrapping it in security layers makes no sense at all.

[divVerent]

"tell" has neither of these flaws

[Mr. Bougo]

Unless the server is modded.

Okay, let's assume it isn't, so we can have some kind of banking system via the tell command.

[tundramagi]

Just delete this thread, SSL is never going to happen, nor is model clipping (cutting models by planes in memory), nor are buildings, nor are any more vehicles (like racecars).

For some reason none of you want any of this, especially the peeps who can implement them (... I don't know who can implement SSL though, whoever it is).

Nexuiz has gone as far as it will I think. There's this stupid idea that if we don't ___need___ it (regardless of the fact that survelliance in all the wonderful democracies is more pervasive than it ever was in the GDR, and men are jailed for 2 years for saying the wrong thing) then it shouldn't be implemented.

And why the hell is anything I post to dev.nexuiz modded down? The clip model by a plane on load if you want to (so you can cut it up) idea (and the replace texture on model) that I posted (didn't come up with the proposed mechanisms, just posted the idea) was modded down to -1. You people seriously don't want this stuff that you feel the need to mod down any idea I post... oh but arguing about lb and kg is important!

[divVerent]

Problem is that for implementing SSL (you actually mean DTLS, by the way), huge engine changes would be needed, and lhnet.c would need to be entirely rewritten.

For implementing one's own crypto, simpler means would work (only in netconn.c then). Almost everyone can do THAT, but many people tried to be clever and make their own crypto in the past, and failed (made it easy to crack).

E.g. it would be a job of half an hour to encrypt the DP session using AES with the challenge used at time of connecting. But of course, it'd be pointless, because anyone who sniffs that challenge can decrypt the connection. But to design an actually WORKING cryptographic protocol is not easy and can easily take months, and it takes MORE than one cryptographically experienced person to get it right.

A better idea would be a Diffie Hellmann key exchange at begin of the session, and then encrypting all packets using this key with AES - and I guess implementing this is about 10 to 20 hours of work. However, then one can easily perform a man-in-the-middle attack by performing DH with the client and DH with the server separately, and then acting as a relay.

The challenge is making it actually SECURE. And for that I see no good method that could be easily added to DP.

[tundramagi]

Problem is that for implementing SSL (you actually mean DTLS, by the way), huge engine changes would be needed, and lhnet.c would need to be entirely rewritten.

For implementing one's own crypto, simpler means would work (only in netconn.c then). Almost everyone can do THAT, but many people tried to be clever and make their own crypto in the past, and failed (made it easy to crack).

E.g. it would be a job of half an hour to encrypt the DP session using AES with the challenge used at time of connecting. But of course, it'd be pointless, because anyone who sniffs that challenge can decrypt the connection. But to design an actually WORKING cryptographic protocol is not easy and can easily take months, and it takes MORE than one cryptographically experienced person to get it right.

A better idea would be a Diffie Hellmann key exchange at begin of the session, and then encrypting all packets using this key with AES - and I guess implementing this is about 10 to 20 hours of work. However, then one can easily perform a man-in-the-middle attack by performing DH with the client and DH with the server separately, and then acting as a relay.

The challenge is making it actually SECURE. And for that I see no good method that could be easily added to DP.

Well to make it secure one has to use DTLS and when it fails blaim OpenSSL. DTLS works as such:
fist a public key crypto link is made, then a symmetrical AES key is exchanged for that session.
(Same with SSH). To thwart MitM attacks against the public key exchange, the thing is signed, and there actually may be other ways (ssh 1 was vuln, as was earlier ssl versions, they are more hardedned now IIRC).

Could one of the DP programmers add DTLS support?

[tundramagi]

Here's a reason why crypto is needed:
(well... actually, many of you want people that say things you don't like jailed... ok this is for those who do NOT want men jailed for what they say)

http://yro.slashdot.org/story/09/07/11/ ... ate-Crimes

Rights Online: British Men Jailed For Online Hate Crimes on Saturday July 11, @02:33PM

Posted by timothy on Saturday July 11, @02:33PM
from the don'tcha-just-hate-online-crime dept.
background: url(//c.fsdn.com/sd/topics/topiccensorship.gif); width:44px; height:55px; censorship
background: url(//c.fsdn.com/sd/topics/topicdoj.gif); width:50px; height:79px; court
chrb writes "Two British men have become the first to be jailed for inciting racial hatred online. The men believed that material they published on web servers based in the United States did not fall under the jurisdiction of UK law and was protected under the First Amendment. This argument was rejected by the British trial judge. After being found guilty, the men fled to Los Angeles, where they attempted to claim political asylum, again arguing that they were being persecuted by the British government for speech that was protected under the First Amendment. The asylum bid was rejected and the two were deported back to the UK after spending over a year in a US jail."

court censorship fascism leftists yro yro censorship story

[divVerent]

Well to make it secure one has to use DTLS and when it fails blaim OpenSSL. DTLS works as such:
fist a public key crypto link is made, then a symmetrical AES key is exchanged for that session.
(Same with SSH). To thwart MitM attacks against the public key exchange, the thing is signed, and there actually may be other ways (ssh 1 was vuln, as was earlier ssl versions, they are more hardedned now IIRC).

Could one of the DP programmers add DTLS support?

Problem is that going this route would mean entirely rewriting DP's network layer, which is out of scope.

[tundramagi]

Well to make it secure one has to use DTLS and when it fails blaim OpenSSL. DTLS works as such:
fist a public key crypto link is made, then a symmetrical AES key is exchanged for that session.
(Same with SSH). To thwart MitM attacks against the public key exchange, the thing is signed, and there actually may be other ways (ssh 1 was vuln, as was earlier ssl versions, they are more hardedned now IIRC).

Could one of the DP programmers add DTLS support?

Problem is that going this route would mean entirely rewriting DP's network layer, which is out of scope.

Well then only "good" people can use nexuiz, as it doesn't provide the protection neccessary for "bad" people to stay out of jail (or stay alive if they choose the correct path of fighting those who try to arrest them).

Most good OSS projects allow encryption. Some sorta roll their own (if using OpenSSL is not useful to their project they make their own "protocal" but use the existing crypto algos, and designs). Since most OSS projects are able to find a crypto person to do this, could DP?

Otherwise only nice good people will play nexuiz and bad people (like me, like those brits, like anyone who believes something diffrent than what's popular) will have to just not use it.