[Home] [Groups] - Message: [Prev in Group] [Next in Group]

nu.kanga.list.mud-dev

28857: Re: [MUD-Dev] Trusting the client, encrypting data

[Full Header] [Plain Text]
From: Sean Middleditch <elanthis@awesomeplay.com>
Newsgroups: nu.kanga.list.mud-dev
Date: Thu, 18 Dec 2003 13:32:49 -0500
References: [1]
Organization: Kanga.Nu
On Thu, 2003-12-18 at 10:31, Felix A. Croes wrote:
> Sean Middleditch <elanthis@awesomeplay.com> wrote:
 
>> The problem is, encrypting is pointless.  Encryption stops the
>> data from being read/modify by someone between the two trusted
>> parties.  If you're running the client on the user's machine,
>> tho, then that machine is one of the trusted parties - but you're
>> trying to stop the user of that machine from reading the data;
>> i.e., you're automatically assuming that the person you're trying
>> to stop from getting the data is a trusted party.
 
> It's funny how everyone (?) has misunderstood Ola's posting.  He
> was not talking about creating a secure channel to the client, but
> about occlusion.  This has been discussed on the MUD-Dev list
> before, at least I think that's where I picked up the idea years
> ago.
 
> The point is not to have the server encrypt data which the client
> immediately decrypts.  Rather, the server sends encrypted data
> that even the client does not have the key for.  The idea is not
> to hide data from snoopers, but from the client itself.

Ah, yes, I did misinterpret.  My apologies.

--
Sean Middleditch <elanthis@awesomeplay.com>
AwesomePlay Productions, Inc.
_______________________________________________
MUD-Dev mailing list
MUD-Dev@kanga.nu
https://www.kanga.nu/lists/listinfo/mud-dev