[Fsedu-developers] In defense of consent based client certification

fsedu-developers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fsedu-developers] In defense of consent based client certification

From:	James Michael DuPont
Subject:	[Fsedu-developers] In defense of consent based client certification
Date:	Fri, 22 Aug 2003 03:21:25 -0700 (PDT)

After a long discussion on freenode.net/#GNU yesterday, I find my
arguments for a secure system to distribute data without allowing
cheating in line with the spirit of the GPL.

These are my arguments in favor of a certified client :

    1. There are valid applications where a group of people agree to
use one version of the software 
      and want to eliminate cheaters. A First person shooter for
example would be a good example

    2. By allowing for a auditing of the clients on a random basis, and
the inclusion of the entire memory of the software including of 
      the data at a specified timepoint you can get a secure
fingerprint that is very very difficult to fake.

    3. By allowing for a secondary protocol to use a secure cipher to
encrypt and slightly change the binary of the file, 
      you can increase the cost of binary hacks. This application of a
cypher can take place on the original binary before starting using 
      a key that is agreed upon by the group.

    4. These techniques do not eliminate crackers, but make the cost
prohibitive, random and frequent changes to the binary form using a
secure algorithm will increase the cost of making binary patches very
much.

    5. The users are free to review and edit the source code of all the
components of the system, Each user is free to join any group that they
wish. Groups are free to certify any on binary that is proposed.

    The only restriction that the user must agree to is the client
software is not hacked, cracked or changed during execution. There are
many applications that could use this type of security and it does not
take away the users rights, it just protects the group.

    In closing, my proposal is based on the idea of game theory, that
having a the "game" the binary changed often will in the long term root
out "cheaters".

    By only allowing certified users access, and having a trust metric,
it should be possible also to eliminate long term abusers.

mike 

=====
James Michael DuPont
http://introspector.sourceforge.net/

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

[Prev in Thread]

Current Thread

[Next in Thread]

[Fsedu-developers] In defense of consent based client certification, James Michael DuPont <=

Prev by Date: [Fsedu-developers] Wake UP!
Next by Date: [Fsedu-developers] RFC for Free software consent based content mangement
Previous by thread: [Fsedu-developers] Wake UP!
Next by thread: [Fsedu-developers] RFC for Free software consent based content mangement
Index(es):
- Date
- Thread