Re: computer-go: Authenticating the identity of a remote go-playing computer program

[Daniel Hallmark <dgh@xxxxxxxxxx>]

On 4 December 2000, "Bob Myers" wrote:

> I know just enough about public-key encryption techniques and digital
> signatures to believe that this is possible.  I hope that experts on this
> list can shed some light on how it might work.  It would be ideal if a
> standard could be established that eventually all go programs might adhere
> to and thus allow more tournaments to be held on the net.


The problem you have is that any security technology, including assymetric 
encryption, only works if everyone uses it properly.  All it takes is for
me to get my private key (from you) and hand it over to someone else and 
that person can now "authenticate" to you that they are really me.  Same
goes for keys registered to a computer program, etc.  Even assuming that
the "program" wasn't just a front end that performed an authentication
for a live player.

A security protocol is much more than just a mathematical technique like 
public key encryption - it involves some degree of trust that the users 
not intentionally try to spoof the system.

Daniel Hallmark