[vworld-tech] Ultimate MMO Platform

Crosbie Fitch crosbie at cyberspaceengineers.org
Mon Apr 12 11:48:54 PDT 2004


> From: J C Lawrence
> How would you determine that two distinct nodes have the same key etc
> given the presence of NAT/PAT, load balancing proxy clusters, dynamic
> DHCP address (re-)allocation[1], etc?

You do need some period of stability in the addressing system.

If an address lasts for only a few minutes at most, this could be tricky.

Either you need a reliable address, or you need a reliable connection. You can't spend too much time double-checking that the node you're talking to truly is actually rapidly switching between addresses/connections, and that you're not actually talking to two or more nodes with the same identity.

> So nodes exchange secondary shared secrets to establish localised
> identity graphs, essentially attempting to build a SAME AS identity
> relationship across time (which is a different aspect of identity)?

Yeah, that's one way of putting it. Exploit the fact that the relationship continues for a long period of time, and by continuous sharing of small secrets you increase the monitoring burden on any other node hoping to be an impostor (not just a key to break, but also a historical record to duplicate).

> I don't believe that it can be assumed.  The correct approach in this
> space may well be the 80/20, with resilience/containment 
> methods for the 20% it breaks/fails/is_compromised.

Yep, you can't assume anything (though it would be nice). That's why I mentioned epistemology. The system can't even rely on the internetworking structure that supports it - everything has to be continuously tested, assumptions and behaviour.



More information about the vworld-tech mailing list