-
Notifications
You must be signed in to change notification settings - Fork 0
termie/zombie
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
OMFGWTF Is Going On Here
========================
Things are still pretty raw, using this file to keep track of ideas and whatnot.
Stuff is starting to stabilize a bit so will begin documentation pretty soon.
TL;DR
-----
Getting Started
===============
You'll want to install dependencies first. You can usually do that with:
$ pip install -r tools/pip-requires
After that the quickest way to test the basic game is to load up the
devserver. The devserver (`bin/zombie_devserver.py`) will load up the world
server and all the location servers in a single process.
$ ./bin/zombie_devserver.py
The game server will stay in the foreground.
An example of a basic game client is in `bin/zombie_devclient.py`. It will
be expanded as more features become available. For now you can run:
$ ./bin/zombie_devclient.py
And you'll see some activity happen on the client and the server.
Thoughts
========
A World is like a perspective, it provides you with a startling Location and signs the exits for all locations. Locations can be hosted by third parties but to be part of a world they must be signed by that world.
Most connections consist of a control connection and a pubsub connection.
World
- id
- name
- control_address
- pubsub_address
- rsa_pub
- dsa_pub
location_default()
location_get(location_id)
Location
- id
- id_token {world_id: ((id, location_sig), world_sig)}
- dsa_pub
- name
- description
- exits {world_id: [(({direction, to}, location_sig), world_sig)]}
Object
- id
- id_token ((id, object_sig), world_sig)
- dsa_pub
- name
- description
Data Access Goals
=================
Data access should be outrageously simple.
- Worlds keep track of locations, and pubkeys of valid users
- Locations keep track of world pubkey, itself, and objects currently in the
location
- Objects keep track of all their own data
- Data is stored as signed json blobs
- Everybody should be able to replicate the db without anybody being able to impersonate somebody they are not.
==========
Liar, Liar
==========
Lying is expected, the goal is that anybody can always verify the truth.
Avoiding MITM
=============
The key attack point for mitm is to impersonate a character, but you have
in effect a CA with the World acting as the trusted third party.
Establishing a Secure Channel
=============================
Character has a signed identity token: ((id, character_signed) world_signed) which
they return with their rsa_pub, signed.
A look call from Alice to Bob:
({method: look,
target: bob,
self: alice,
challenge: {},
}, alice_sig)
-> bob returns verifiable response
{id: bob,
id_token: ((id, character_signed), world_signed),
dsa_pub: {},
rsa_pub: {},
challenge: {challenge}
}
If Bob doesn't trust that this is Alice asking:
({method: look,
target: alice,
self: bob,
challenge: {},
}, bob_sig)
And the verifies the look request before responding.
Alice then starts a session with Bob
({method: session_start,
target: bob,
rsa_pub: {},
}, alice_sig)
Bob responds
(alice_rsa_encrypt({session_key: {}), bob_sig)
From then on Alice can use that session key to communicate with Bob.
The Role of Locations
=====================
Locations are mostly mediators and guideposts. Their role is to mediate contact
between objects, provide a common forum and list the objects that are part of the location.
if msg['target'] is an object id in the location the location simply decrypt-encrypts the message and sends it to the target as is.
Scenario:
One Object looks at another.
Alice looks at Bob
About
No description, website, or topics provided.
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published