Package: wnpp Severity: wishlist X-Debbugs-Cc: debian-devel-ga...@lists.debian.org
* Package name : d0-blind-id (upstream name: d0_blind_id) Version : 0.5 Upstream Author : Rudolf Polzer <divver...@xonotic.org> * URL : https://github.com/divVerent/d0_blind_id * License : 3-clause BSD Programming Lang: C Description : library for user identification using RSA blind signatures d0_blind_id is an implementation of RSA "blind signatures", Diffie-Hellmann key exchange and Schnorr identification. It can be used by the DarkPlaces game engine (as used in Xonotic) to perform anonymous registration with a central server, providing cryptographic identities which are used in Xonotic for access control on individual game servers. This implementation has not been audited independently, and is not currently recommended for non-game uses. --- Xonotic upstream tell me that they would prefer Xonotic to not be packaged at all than to be packaged without d0-blind-id support. I'm happy to co-maintain/provide advice (I maintain other libraries), but as with Xonotic itself, I'm not willing to be the only maintainer for something I don't use myself. Suggested binary packages: libd0-rijndael0 (AES implementation), libd0-blind-id0 (the rest), libd0-blind-id-dev. Privacy implications: According to the Xonotic developers I spoke to, registration is normally carried out automatically, once per user of Xonotic. The centralized Xonotic server performs a "blind signature" on a public key generated by the user, so it knows the IP address used for registration, but not the public key or anything else about the user's identity. Individual game servers receive the user's public key, the blind signature, and the "blinding factor" necessary to check that the blind signature is valid. The use of signatures and a centralized server (rather than just having users present an unsigned public key) seems to be intended to allow users to be banned from a game server, in the same way server admins for proprietary games can ban users by an identity corresponding to their purchase (Steam ID, battle.net ID, Quake III Arena, CD-key, or whatever). Creation of identities is rate-limited by the server. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
