> You forgot that the salvage proposal uses a central server where the game
> runs. The model can therefore be extremely simplified:
Yes, but I still believe the peer-to-peer nature of the game can work,
and that if it can work, it's a better solution than a central server.
For example, memory would be a very serious issue on a central server.
The map code alone will take more than (21 * number_of_teams * map_width
* map_height) bytes of data per game. For an 8 player 512*512 map,
that's 42 megabytes of data - manageable for one game, but do you want
to donate the server that could be asked to run a dozen of them at once?
It doesn't need to be like that. The server would be the machine of one
of the players. Many games work like that. There is a host player which
creates the game. The other players join it. When the host player
starts the game, a server is started on his computer and the other
computers just act as clients. The host player runs both the server and
his own client. The server and the client can be embedded in the same
executable. If they are splitted, you can run a standalone server,
which is very convenient if one of the players has a spare machine to
run it.
> - The only good way to prevent spoofing is to use some lightweight digital
> signature (encryption). Here the metaserver can act as a trusted server to
> establish a secure connection between the client and the server. While
> encryption might be too heavyweight for the server, it can easily be run
> in parallel to the game to take advantage of multiple processors or
> HT-like processors.
The real question is: why prevent spoofing? What do people have to gain
by attacking a game of Glob2? The most likely outcomes are to make the
game desynchronise or insert orders that shouldn't be there. While
annoying, these are hardly a major threat.
I agree with you. It's just a possibility to consider.
I remember back in ye olde days when there was a bug in glob2 that
allowed to restore a building's HP by upgrading and cancelling the
upgrade. Gentlemen's behaviour said we shouldn't use this trick, but
some people where doing it anyway... They will recognize themselves, as
they will probably read this.
Anyway, there is no way to prevent cheating. The client has to know
more than what it shows to the player or the game becomes unplayable.
Even if we did need to secure the communication between two computers
playing a game, central servers aren't useful for that. All a Glob2
session needs to know is that the packet it is receiving right now comes
from the same source as the last packet it received. This can be done
by exchanging session keys at the start of the game.
Central servers are usefull for handshaking. It allows you to prevent
man-in-the-middle attacks without having to manually exchange key
fingerprint information with the other computer. That's how SSL works:
you have some root certificates that come preinstalled with your
browser and they are used to authenticate other certificates. But then
you must trust the browser's installer...