maruk 80 Posted June 13, 2008 To clarify our view further on: addon signature are viable and flexible method. There can be many ways to use it and specific signatures for servers are one possible scenario. Of course users need to have valid public keys in any case. Server signed addons are good option for situations when addon maker didn't sign it etc. Of course, any kind of auto synchronization of public keys is potentially dangerous. My post didn't intend to decide on behalf of the community which way to go, I just wanted to say that server based signatures are valid community scenario that could make sense in some cases and could make it easier for people. E.g. server provides with a package of addons needed to play on it, including all necessary signature files (which can be simply created by server admin). Share this post Link to post Share on other sites
=jps=sgtrock 4 Posted June 13, 2008 Maruk; If I understand this correctly: E.g. server provides with a package of addons needed to play on it, including all necessary signature files (which can be simply created by server admin).You're envisioning that a server admin would set this up as part of a mission/mod download at the player connection time? Share this post Link to post Share on other sites
Yoma 0 Posted June 13, 2008 I think he's saying: "We provided a decent means of securing your addonbase. How you get the addons that players are allowed to use ingame is a matter that's up to the serveradmin." Maruk, just a small question on the side: do you like or dislike what the addonsync tool does? What would you suggest to improve it? I bet the guys at BIS have some kind of love-hate relationship with all these addons Share this post Link to post Share on other sites
.kju 3245 Posted June 13, 2008 Auto addon download isn't plain simple. The engine cannot (AFAIK) integrate new files and configs during runtime. A system to auto download, auto restart the game and auto reconnect to the former server seems like a possible way though. As for signatures. A server admin can allow additional addons on his server. People can use addons. They do NOT have to. A server can also have multiple signatures for one and the same addon signed by multiple people and authorities. It may not be perfect, yet its not as strict to deny people access to your server as you believe. Only a mission can require addons, so that people cannot join and play without them (think of new vehicles). Yet the vast majority of addons are replacements instead of new entities. The other way round - denying specific addons - can be way tougher however with the current possibilities. Share this post Link to post Share on other sites
wipman 1 Posted June 19, 2008 Hi, one thing that i think that may be possitive, will be to don't modify the addons signatures; so the people could use the addon's original bikey & signature instead look for the server's page (in case of exist...) and download again the addon signed (without even ask the addon maker) by that server for be able to play there. It's sad to can't play in some places because they've re-signed addons that you've yourself installed but that the server has re-signed for some reason that i don't get unless in the very improbable case that the addon/addons is/are not signed; which in this case i don't even use the addon or keep it in the HD (the Sigma-6 vehicles are the exception to this). So please, use the bikey and signature that comes with the addon and we could play all together. Let's C ya Share this post Link to post Share on other sites
.kju 3245 Posted June 19, 2008 wipman you can have two signature for addon A loaded at the same time. So you sign your addon A, so does server admin B sign your addon A. He now puts both your signature + key and his pair on the server. No problem at all. PS: the addon doesn't get modified by signing. Share this post Link to post Share on other sites
Defunkt 431 Posted June 19, 2008 I tried to read the whole thing but gave up, it's too long now. But I wanted to say I don't understand how such a sound idea has strayed so far. A committee evaluates new and updated addons for suitability in the MP game. If found appropriate that committee signs that addon with its own key and adds that signature to its database for download by admins and players. Server-admins may choose to honour those signatures (generally to the exclusion of all other) and include a recognisable tag in the server name (i.e. "GPMP") to indicate as much to players. The only rub I see is where a server-admin doesn't necessarily want all of the approved addons used on his server to which end I'd suggest two versions of the tag (i.e. "GPMP"/"GPMP-All" and "GPMP-Mix"). I don't want anything automatically downloaded to my PC, I'd prefer to maintain my own ArmA folder. Who might form the committee? Well where possible I’d break it down into sub-committees based on the AddOn type. I'd love to see NWD head up a vehicles addon panel for instance. Share this post Link to post Share on other sites
Yoma 0 Posted June 19, 2008 Of course i fully comprehend you want to download addons manually, but on some servers you'll find that a very hard and discouraging job. Unless you like searching for the latest addons all the time that is. Most likely you'll end up being the one getting kicked all over the place for wrong/conflicting/non-installed addons. Anyway, i think serveradmins should get together on this and install some kind of voting system for server admins only. This way you could come up with a list of decent multiplay compatible addons. Nothing needs to be done for that aside for making a small webpage and contacting lots of server admins. There are endless ways of distribuating the sign files between server admins. I bet the most simple one would simply be a mailing list... (the sign files being so small) How to get the actual addons (if needed) to the players is then totally up to the server admins. Share this post Link to post Share on other sites
wipman 1 Posted June 19, 2008 Hi, to *Q: i've entered in servers where they had only theyr own signature and i was kicked for don't have it; why they do this? no idea, but ain't like it. And why sign two times an addon...?? the signature that comes with it don't likes you...!?. Im sure that i could *much more MP missions if many servers were using only the bikey & signature that comes with the addon, that way the players will not require by force to download somehow those new bikey & signature that you didn't included in your addon. Ohhh.. and of course other thing that will help will be if all the servers admins add that "on different data not = kick" to the servers... because you may have some more addons installed, signed and resting in your own mod folder, that the mission may not require; but that you've 'em there for your own mission editing pourpouses. Let's C ya *Play Share this post Link to post Share on other sites
Yoma 0 Posted June 19, 2008 Hi, to *Q: i've entered in servers where they had only theyrown signature and i was kicked for don't have it; why they do this? no idea, but ain't like it. And why sign two times an addon...?? the signature that comes with it don't likes you...!?. Im sure that i could *much more MP missions if many servers were using only the bikey & signature that comes with the addon, that way the players will not require by force to download somehow those new bikey & signature that you didn't included in your addon. Ohhh.. and of course other thing that will help will be if all the servers admins add that "on different data not = kick" to the servers... because you may have some more addons installed, signed and resting in your own mod folder, that the mission may not require; but that you've 'em there for your own mission editing pourpouses. Let's C ya *Play -keys can be used for multiple addons => also for addons the server admin may not like or possible cheat addons that have been signed by the same maker of a valid addon. I think this is why Maruk mentions that autosynching keys is dangerous, it may lead to a leaphole for cheaters. => the only real way a server admin can avoid this is by signing all addons he want on this server HIMSELF. This way he can trust the addons, if he can protect his private key. -Not kicking people with unsigned addons will only lead us back to the cheating hell Arma used to be. -Use modfolders to separate your editing mods from playing mods, keep your default Arma/addons DBE/Addons folders clean. I know it's not fun and that it complicates stuff for players. You have to understand that the very reason they made this system is to avoid -server crashes by addon incompatibilities -discourage cheaters We all know this system also discourages non-tech savvy players. But think how much you would like arma when cheating 12 year olds are flying around in vulcans dropping bombcarpets all over the map... Share this post Link to post Share on other sites
wipman 1 Posted June 20, 2008 Hi, *Yoma: Quote[/b] ]-Not kicking people with unsigned addons will only lead us back to the cheating hell Arma used to be. read again man, i've said: Quote[/b] ]have some more addons installed, signed andresting in your own mod folder signed; i've said: signed addons. Of course that i do agree on kick anyone that dares to use a unsigned addon in any MP server. But, what i'm 100% is to kick people that only have the original bikey & signature that comes with the addon as you download it. Example: my damn M4's pack, my damn M4's pack is just as the BIS M4's and M16A4's... but much more pimp; are you telling me or anyone that my M4's are a cheat?? they use the same values than the BIS weapons, so... why they sign 'em again in some servers?, and like that, many more addons that are not any kind of cheat or hack; a better example: the Johnn's USMC v1.5 . Are they a hack or a cheat...?? no. So then there is no reason for re-sign 'em again. It's annoying to be kicked from a server because you don't have that server's key for your own addon; and the fact of don't use only, the bikey & signature provided by the addon maker/owner is killing alot of the MP posibilities of the game in many aspects. If you think that that addon introduces cheats, isn't really made for a clean MP use... then, don't, use it. Or do your own and then sign it as you want. But will be better for us all if the servers admins use the bikey and the signature that comes with the addon just as you downloaded it; and allowing the players to have other (not required for the mission in course) signed addons in the same custom (no matter how it'll be called) folder; so we wouldn't need to have 5 different games (in MB size) inside the ArmA folder to play in each server. "i need 3Gb for play here, other 2Gb for play here... and just 450Mb for play here" that is one of the less smart management policies that i-have-ever-seen. Let's C ya Share this post Link to post Share on other sites
Defunkt 431 Posted June 20, 2008 You don't need a duplicate of each addon for each signature, multiple signatures can apply to the same addon. If a server admin chooses to delete the original signature, well you'd need to take that up with them, nothing anybody does here could stop that. Share this post Link to post Share on other sites
Yoma 0 Posted June 20, 2008 of cheat or hack; a better example: the Johnn's USMC v1.5 .Are they a hack or a cheat...?? no. So then there is no reason for re-sign 'em again. It's annoying to be kicked from a server because you don't have that server's key for your own addon; and the fact of don't use only, the bikey & signature provided by the addon maker/owner Please read what i wrote again. Ok so you made a non-cheating addon. What would keep you from making a cheating one and signing it with the same key. Therefore using the same key for multiple addons is in fact ALLWAYS dangerous unless you've signed the addons yourself. A server admin CANNOT CHECK WETHER YOU MADE AN EXTRA ADDON THAT IS A CHEAT! Share this post Link to post Share on other sites
wipman 1 Posted June 20, 2008 Hi, then someone could do a complete list of what addons are or may work, as a cheat or hack so the servers admins could have a dayly updated addons that introduce or allow to possibility to use cheats, hack something, crash the server due to addon's errors or that exploit somehow the game's engine. Re-sign all the addons yourself, is again as i've said one of the worst management negligences that-i-have-ever-seen. Let's C ya Share this post Link to post Share on other sites
maddogx 13 Posted June 20, 2008 The whole point of addon signatures is that the signing authority must be trusted. Sure, anyone who has ever released a signed addon could use the same key to sign a cheat - but that's the risk you take when you decide to trust a signature/key, and that's the reason why that decision is so important. The whole problem we as a community are facing right now is that there is no consensus as to which signatures/keys are trusted and which aren't. Thus my idea of having a central authority/commitee/whatever to decide upon this, in order to create a common basis. Of course the central authority could simply sign addons themselves using an "officially" trusted key, but that would open a whole new can of worms that I really don't want to elaborate on right now. Share this post Link to post Share on other sites
Yoma 0 Posted June 20, 2008 Hi, then someone could do a complete list of what addons are ormay work, as a cheat or hack so the servers admins could have a dayly updated addons that introduce or allow to possibility to use cheats, hack something, crash the server due to addon's errors or that exploit somehow the game's engine. Re-sign all the addons yourself, is again as i've said one of the worst management negligences that-i-have-ever-seen. Let's C ya Ok i give up. A small example to hopefully make you grasp the idea. Let's say i make a nice M4, fancy textures, nice model blablabla everybody likes it. I sign it. Then i start toying around with making a cheat addon. I sign it with the same key! Now you tell me how serveradmins will allow my M4 and disallow my cheat addon? Answer: by resigning ONLY the M4. Thus you need multiple sign files for 1 addon if (as a server admin) you want to be on the safe side. People connecting with the cheatmod will be kicked because obviously you didn't sign the cheatmod. The solution proposed here would be to have some kind of overlord organisation that signs trusted addons. I like the basic idea (which would take not long to implement). The basic problem however with that idea is that as soon as the overlord organisation gets infiltrated by the wrong guys you'll get perfectly good signed "trusted" cheats. What i propose CANNOT BE infiltrated as every server admin has full control over HIS private key. This solution however has 3 main problems. 1) it's a bitch for serveradmins, they have to find out what to trust, what not and sign 2) it's a bitch for servers not using some kind of organised distribution method for addons/keys 3) it's a bitch for players that don't know about the method the server uses to distribute their addons I'm in full support however of a limited experienced group of people signing addons for multiplay use and spreading those keys between serveradmins. However i fear that one day this "organisation" might actually do more harm then good, considering a "what if" scenario. Share this post Link to post Share on other sites
Defunkt 431 Posted June 20, 2008 Personally I think it unlikely the signing authority would be compromised, anybody who's already released 2-3 significant pieces of work clearly loves the game. I can't imagine such a person even wanting to cheat let alone risking the work that would be required to test and sign. Even if it did happen (and it wouldn't) we'd be no worse off than we are now, servers would very quickly stop honouring those signatures. Share this post Link to post Share on other sites
wipman 1 Posted June 20, 2008 Hi Yoma's Quote: Quote[/b] ]The solution proposed here would be to have some kind of overlord organisation that signs trusted addons. A) I don't need any kind of "organization" like "that". B) I don't need "anyone" that sign my addons. C) I don't use cheats in half serious games like the ArmA. If a signature or a signed addon have a different size, to the addon installed (without any hack inside) on the server, shouldn't that kick the player joining with the (hacked) addon signed by that KFC rat?. There should be two ways of auto-kick (by the server) those players with: A) Different File Size Archives/Addons. B) Different Name/Number of addons. For me the way A is the good one, while the B sucks; blocks the entrance to many non damn cheater players to servers where play interesting and serious missions with people that do care what they play and how. Make clean people pay as sinners is not something that i stand for, that i can agree with or that i'll give any kind of support. And may be that the english is not my main language, but what i understood is that what you propose is to create a kind of "SS" that says what's right and what not that re-signs other's people addons and force the players to download and install two or three times the same addon that they want to play with, if they've the big luck of find a mission that uses that/those addons that they like, downloaded from "so untrustable sites..." as... Armaholic... Armedassault.info... OFPEC... and "untrustable" places like those, that make us the big favour of host our job. What will be good enough and may even work, will be to create a list available for all to see in this forum for example... with the name of the addons that contain hacks or cheats so the server admins will know which addons use and whichs don't. If i download something from places like Armaholic, Armedassault.info or OFPEC.com i trust at the 100% in the safety of the addon or mod that i've downloaded. Let's C ya Share this post Link to post Share on other sites
Yoma 0 Posted June 20, 2008 A) Different File Size Archives/Addons.For me the way A is the good one, while the B sucks; blocks the entrance to many non damn cheater players to servers where play interesting and serious missions with people that do care what they play and how. A) Do you realise how friggin easy it would be to create a cheat that's named exactly like a valid addon, that's exactly the same size and that has a cheat in it? I bet it would take about 60 seconds for someone who knows what he's doing. Just fill up part of the addon with nonsaying but nonblocking data and tada... B) Have you ever wondered WHY admins enable those file/signature checks/battleeye stuff? (Yes you can still run a server without them) Virtually no server does this because within minutes the server is stuffed with cheaters, unless you password it and only give out the password to close friends. Anyway, i tried my best explaining stuff, if you can't,won't,don't understand then that's your problem i guess... Share this post Link to post Share on other sites
wipman 1 Posted June 20, 2008 Hi, no Yoma, i don't know how easy it's for someone who knows about to hack a server that only have those few preventive measures againist the damn cheaters, hackers and suckers in general. But do you realize how angry makes me to do an addon crying by the corners to every damn one who could help me and then when you finnally find a few servers/missions that use it, be kicked because you don't have "a valid key" for your own damn addon!?. The fact of don't use addons in MP is what fucks the game plus it's own bugs, that are just alot; without the addons that "valance" well the sides in conflict, the game, is, in, panties; if i want to be able for shoot from the hatch of the cargo coffin of my damn IFV i'll had to play to the damn BF2 because in the "ultimate war simulator..." i can't. And that's just one of the things that we can't do; and without use addons that make this better, i wouldn't touch the ArmA again. So there must be some way of allow addons to be used in damn easy way for all or i wouldn't be doing damn weapons packs for everyone of us, you, me and the rest of the players of this damn game. Let's C ya Share this post Link to post Share on other sites
Yoma 0 Posted June 20, 2008 I understand that must be very frustrating. Beside that i nearly never play multiplay WITHOUT addons. But all the servers i play at use my tool. I never get kicked for missing addons, missing sign files, and if i do i just sync and off i go. The frustration you are having is EXACTLY why i made my tool. In fact i took the liberty of looking for your wip_m4a1.pbo addon in my arma folder. (I never download separate addons, yet the addon is there, this means some server is using it) Of course i understand people who don't want to use it, but for those who do: what you ask for is possible with just minor work on more and more servers. Share this post Link to post Share on other sites