Heikki Levanto wrote: > On Tue, Feb 26, 2008 at 07:51:40PM +1300, Stuart A. Yeates wrote: > >> Adding authentication to GTP is a stunning bad idea. If we really need >> an authenticated GTP, wrap the GTP we have in an SSH connection. >> > > What a stunningly bad idea! > Heikki,
What I got out of that was his main point that building authentication into GTP is a bad idea. I don't really think of the CGOS protocol as authentication, it's certainly not secure and no encryption is involved. It's just a simple mechanism to prevent name-space conflicts. But I guess technically it is an authentication protocol. It's probably not hard using existing packages and libraries (cgos is written in tcl) to build a secure protocol into the server. It would probably be gross overkill - all it would do is prevent someone from sniffing your password, as if anyone really cared about your CGOS password. - Don > So anyone running a server would either have to take the trouble to exchange > keys and set things up manually for everyone who wants to play, or give > strangers a login access. > > And every go program would have to add the ssh libraries and the trouble of > establishing such connections. Some platforms may have easily usable > libraries for that, but can you guarantee that all do? > > I have so little time for go programming that I would not like to waste my > time on unnecessary 'security'! > > > - Heikki > > _______________________________________________ computer-go mailing list computer-go@computer-go.org http://www.computer-go.org/mailman/listinfo/computer-go/
