Quote:
|
Tell me this, would a server admin need to register their server with a CA, apply for an SSL cert that expires, then apply it to their server
|
To answer this, it’s going to be a multi-part response
Quote:
|
would a server admin need to register their server with a CA, apply for an SSL cert that expires, then apply it to their server
|
First impression, "Yes". But with a "but". I’d be willing to Host a Certificate Authority people could submit their server cert requests to an issue them free of charge for a period of say, 10 years or something like that.
We could have it as ca.eqemulator.net or something simular
Quote:
|
then, all clients expecting to connect have to install the cert as well?
|
I do not believe so, as this would not affect the client to my understanding, its intended use would just be for World<->Zone communication and possibly Login Server<->World. This will need clarification from someone who more experienced in the communication between EQClient and EQEmu.
Granted, adding an extra process to the DataStream will slow it down, but if implemented correctly, it’s not even noticeable, think of https. (From my experiences).
This wouldn’t solve our security flaws, but it would be a good step in the right direction.
Also, we could make this a configurable option to have or not have, do depending on how the server admin feels at the time, they have the option to enable or disable SSL/TLS communications between EQEmu components.
- froglok