CSS - Community sign server

[.kju 3241]

In short no. The verifySignature system (privatekey, publickey, bisign files and pbo) from BI

is to combat cheating / addon abuse.

In general it is also an identifier and can be used for more than just than (bad specific

addons/mods for various reasons).

The CSS is about making playing with addons in MP less painful for all parties involved.

Addon author, distribution, end user, server admin.

Not to repeat myself - check the section Summary in the first post.

No the CSS has multiple advantages about the current system or a simple key database.

Salah ad Din the headache is NOW, the current situation. An automated system

would create the base to various techniques/features to reduce is a lot.

To repeat myself again a comment system for keys, if the addon of the respective key

is compatible, containing bad code, etc, or the key sets.

More to develop tools to automate that process even more based on the key and sign set.

It is no like this is all my personal idea. This is how systems work in the open source, linux,

security, file distribution scene or systems.

Edited November 28, 2009 by kju

[bhaz 0]

IMO, it would be easier to just make a public pack of .keys that are known to be legit, if any illegitimate addon comes out, the key can be removed from the pack, or not added in the first place.

Removing illegitimate keys would be easy since it's all community reported and moderated. All server admins would need to do is download a zipped file full of keys and extract.

TBH, the idea of having to send a .pbo file (or.. say several hundred) to a server just to get it signed seems more inconvenient.

[i0n0s 0]

@Cross:

I think I finally understand the advantage of the CSS:

It drops the private key.

The current problem is that as soon as you add a key to your server, the owner of that key can sign other addons with that key. So the server admin has to trust the key owner that he won't sign other addons using the key.

A work-around would be to create a server key where the admin signs every accepted addon. This makes sure that only allowed addons work, but the user has to get the signatures first.

CSS by-pass this problem since it drops the private key. The addon creator can't sign a different addon with the same key since he isn't owner of the key any more. The server admin can simply add the public key to the key list.

The level of trust is now reduced to the CSS server holder.

[cross 1]

@Cross:

I think I finally understand the advantage of the CSS:

It drops the private key.

The current problem is that as soon as you add a key to your server, the owner of that key can sign other addons with that key. So the server admin has to trust the key owner that he won't sign other addons using the key.

A work-around would be to create a server key where the admin signs every accepted addon. This makes sure that only allowed addons work, but the user has to get the signatures first.

CSS by-pass this problem since it drops the private key. The addon creator can't sign a different addon with the same key since he isn't owner of the key any more. The server admin can simply add the public key to the key list.

The level of trust is now reduced to the CSS server holder.

I know but the problem is CSS signs and distributes whatever comes to it. The BAD guy can just release an update with bad code in it. It gets signed and distributed.

It really does not bring another level of security because the responsibility is still with the server admin to find out that malicious code.

If I am a server very sensitive to security & fairness etc...I'll sign all the mods allowed on my server and shere thru Yoma so that they can sync before playing on my server.

we have 500 mods out there and what do you think security centric admins would do? They will still a)allow everything by downloading every bikey from CSS b)Pick certain authors and allow everything that has the tag of say..ionos (malicious or not) c) allow requested/certain addons/mods.

Now if they'll choose C then CSS is overqualified because server can sign all allowed and use Yoma.

Now if they'll choose B then CSS is again overkill because then what is it that stops author from inserting a malicious/unfair code. Nothing. Same for a. Only that Admin has to find it out and it will disable that specific pbo. What would you do? I'd completely shut that author out and all his work. I wouldn't take that chance again.

Now don't get me wrong...I am not against CSS. But I am for local operation of signing (you can delete local privatekeys generated after signing process and before uploading bisigns and bikeys to CSS) rather than forcing authors to to upload all of their pbos just to get it signed and deleted afterwards.

Edited November 28, 2009 by Cross

[i0n0s 0]

That's true.

The server admin still have to make sure that is a good addon. And this is c), and Yomas tool is a good solution. A CSS just remove the dependency for the server admin to create own signatures.

[cross 1]

On the contrary, if you are signing certain mods yourself for your server, you'll need to upload those .pbo.bisigns to CSS so that players get them and use when they connect to your server.

Of course they'll still need to get the real addon files from somewhere else or from your server, if you tweaked them.

[Yoma 0]

And the thing is: they not only need the addon, they need THAT EXACT addon.

Which is why it's a good idea to keep sign files and addons together in one repository.

[i0n0s 0]

I've just talked to kju to get clearer about the concept. The following is an extract of it:

The major problems with addons in MP are the following:

• A server admin should only allow 'good' addons.
  
• A player needs to know which addons are allowed on a server.
  

Something like the ClanBase AAS Addon Pack solves those issues:

Someone with trust checks which addons are good and which should be avoided. Then the server admin just copy the list and adds "CB pack" into the server name. Now the user knows which addons are allowed and can join with them.

Add On Compilation for more Realism and Immersion was the same way in A1 times.

And if the server admin doesn't like the CB pack, he can simple switch to another pack.

----------------------------

That solved our previous problems but creates new:

Who should do this work? Or more in detail: What is complicated about that work?

• A check requires time.
  
• Each addon (pack) requires it own private key.
  This is required for e.g. select parts of zGuba's fixes. And it allows to block version with errors.
  

Time is sadly something we can't solve, but we can solve the key part.

Our CSS creates those keys for us :)

Why do we need a CSS for it? I can handle it for myself!

Yes, you can handle it for yourself. But why should you invest _time_ to create those keys if someone else already did it for their own pack?

So the CSS will be gathering place for those signatures and allows an easy creation of them too.

So if you want addon X to your collection, you simple ask the CSS if the keys already exists. If yes, you download them and everything is fine. If not, you need to create them. No, the CSS will create them. You just need to show him the addon e.g. by uploading.

At that point it is also possible to talk with ~ArmAholic~, so that you just need to point the CSS to them and it will take it from there and will save you additional time :)

----------------------------

So for creation of those key packs, the CSS is a nice idea which spares a lot of time!

And as a server admin you just take one of those key packs and synchronize your server with it.

A player installs one of those pack and now can easily join server which allows those packs. And Yoma's tool can be used here too :)

[.kju 3241]

To clarify a few more points.

• The system is meant for OA/ArmA III.
  It could be done now too, and useful too, yet I am not positive it will happen.
  
• The main goal is to save time and have guaranteed keys for all addons.
  

This is the base for other tools, website and features, like

• Determine keys on a server, fetch sign files from the CSS for the user addons automatically.
  
• Tool/website to easily allow server admins get the keys.
  
• A rating system to make sure to promote good keys and ban bad ones.
  
• Ability to create keys sets of useful configuration like 'Coop pack' or 'PvP public pack'
  

Hope it is more clear now. :bounce3:

[soul_assassin 1723]

Hmm what about not a rating system but a Threat Advisory that can be submitted about any key and that threat advisory can be either supported (say server admins who can back up the claim) or challenged (giving author the chance to explain, or testimonials of people who have had absolutely no problems with the keys). Based on this sever admins can decide whether to allow such keys with more info then just anonymous votes.

Edit. Damn just came here From a link in a different thread. Didn't see the date. Sorry for digging it up. Blame kju :p