Re: [Nel] A small document for your consumption

[Brenden Towey]

-----Original Message-----
From: Vincent Archer <address@hidden>
>   Note: DNS spoofing or configuration file modification can lead to LS
>   spoofing and hacking of the login/password information of the client.
>   However, DNS is needed for flexibility of the login service location.
>
> 3) MD5 for a dynamic challenge. A good example: the server sends you the
> current date when you connect, and you use that date as the first
> bytes of the MD5 digest.

Would #3 solve the login & password hacking problem?


>Whenever a world starts, the WS establishes a permanent link with the LS,
>using an encrypted link (it is assumed that the LS and WS are located on
two
>physically and probably geographically distinct networks). A 'SHARD'
message
>serves as authentification, and the WS then updates the LS with its state,
>name and IP address. The WS may have a list of valid IP/port address for WS
>to avoid the occasional pirate server registration.


Ok, I don't understand this.  Why would one person or company want to do
this?  What's the advantage to having a login service in one location and a
world service in another?  Why not just co-locate all your services behind
one firewall?

Peace,
Brenden