Skip to content

Instantly share code, notes, and snippets.

@Milek7

Milek7/proposal-milek7.md

Forked from TrueBrain/proposal-milek7.md
Last active December 20, 2020 00:04
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Milek7/ae99d3f43fad1914d4edc08506ed7420 to your computer and use it in GitHub Desktop.
Save Milek7/ae99d3f43fad1914d4edc08506ed7420 to your computer and use it in GitHub Desktop.
Download ZIP
OpenTTD multiplayer
Raw
proposal-milek7.md

Decentralized local authentication

Use a public key cryptography to authenticate yourself with the server. Your pubkey (public key) works like some sort of user ID. It can be repesented as 64 char hex-encoded string. (do we want to bother with Base58 or something?)
During joining process, client sends your pubkey to the server. Server uses challenge-response to verify that client is in fact posession of secret key matching with given pubkey.
Key material used to generate your keypair is stored at first launch in the config file.

Company access list

Company access list stores mapping of pubkeys and their respective access level: owner or member. Members can only join the company, while owners can also manage access list (retrieve access list, add/remove pubkeys, change access levels). At company creation, you are given owner level and only you can access the company.
These lists are stored in the savegame, so servers can be restarted without problem. Password-based authorization would be removed.
Do we need to support unprotected companies at all?

Server access list

Equivalent to above, probably reusing the same UI, but used for authorizing joining game server at all. Stored in the server config file.

Server owners can generate random invite code, choosing validity period/one time use/how many times code could be used (TBD). Entering correct invite code automatically adds you to the server access list as a member. Entering codes could be automated with openttd: protocol links.

Friends list

Anytime you could add someone currently available on server to your friends list. As keypairs are not tied to names permanently, last known name will be stored (which will update any time you see this pubkey playing with other name). If player don't have private mode enabled, you will now see on server list where they are currently playing. This also allows you to easily add them to company/server access lists even when they are offline, without manually entering 64 char pubkey.

Server sharing pubkeys

The server shares with clients pubkeys of all other connected clients. It also allows to query which pubkeys are currently playing on a server. (directly or through masterserver query, TBD)
This enables features described above, company/server access lists and friends lists.

Privacy mode

Obviously, with unique pubkey users can be tracked across multiple servers. This might not be desirable for everybody, so privacy mode can be enabled. It modifies keypair generation routine, so that some specific server characteristic (hostname or something, TBD) is mixed into key material. That yields unique keypair for each server.
This means friends can no longer see on which server you are playing (as you have a new identity on every server). This also means you cannot be tracked over multiple servers.

Pros and cons

Pros

  • Lightweight implementation.
  • All information is local; no central entity is required.
  • No need for any signup; this is fully transparent.

Cons

  • If you lose your secret, you lose your identity (no way to recover).
  • You cannot "login" as yourself on another device easily (unless you manually copy config entry with secret).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment