To CID or not to CID

Site Announcements
blastbeat
Member
Posts: 53
Joined: 10 Jan 2008, 19:56
Contact:

Re: To CID or not to CID

Post by blastbeat » 02 Aug 2009, 12:32

FleetCommand wrote: Actually I pretty like the possibility to reg users via CID. However it's true that most users and ops are unable to understand what it is and other things, but I'm pretty sure that it's because they are not informed.
i agree
FleetCommand wrote: Normal users are not needed to be informed about CID at all, they don't care, just enter to a hub, search, download, etc. But when you register someone by CID and you tell him that "hey, you're registered by CID which is cool since that means that you can come in with different nicks if you want. just don't forget to copy and save the pid in the settings to your new client if you replace your dc and your reg will remain. also, never tell anyone your pid because if you do so they can stole your reg", they will understand you. A note that I'm not talking about the "+regme fjsdlkfj" users, they simply suck, but if you reg a vip or an op, he will understand it.
well the most reg only hubs using luadch i know are only regging by nick, because nick changes arent wanted by hubowners. most users dont even know that they are in an adc hub, where nick changes are possible. i tried it in my own hub a while ago to explain what pid and cid is, where to find the pid and why the entry of the pid in dcplusplus.xml is called "cid" etc pp it sucks. (but maybe i am simply a poor annotator :D )
as long the major dc clients dont provide an easy way to manage pid/cid so that normal users can understand and handle it , its more or less useless. at the momemt the dc++ gui is still "nmdc based", nick is most important, pid can be found somewhere under advanced settings where no one wants to go. in "favorite hubs" pid/cid isnt even mentioned
darkKlor wrote: Well I wrote a hub command to get around that :P
!getcid <nick>
in luadch you can execute most commands like ban, reg etc via nick, cid or sid (which is kind of overhead). for me the best way is using ucmd in client and execute it by sid

Dj_Offset
Member
Posts: 53
Joined: 15 Sep 2008, 21:48
Location: adcs://adcs.uhub.org:1511
Contact:

Re: To CID or not to CID

Post by Dj_Offset » 02 Aug 2009, 17:22

darkKlor wrote:Addendum: A TLS Certificate is much more transportable than a CID. Just drop the .crt file into your certificates path when you change hub-software or do somethin like a clean install of your OS.
Screw that. Use a certificate, and generate the CID as a hash(public key). In ADCS the hub can simply verify the CID by doing the same computation, and for the following p2p connections the clients can do the same hash(public key) computation and compare it to the CID given through the hub to ensure forward secrecy.

The question then is, how do the client verify the hub as legitimate (no man in the middle), this can be done either as a certificate by a CA (following the HTTPS model), or a pinned self-signed certificate (modeled after SSH). The users are authenticated by means of password or public key (CID).

(Btw, Toast - That is the short version of my mini-ADCS spec)

Pietry
Senior Member
Posts: 328
Joined: 04 Dec 2007, 07:25
Location: Bucharest
Contact:

Re: To CID or not to CID

Post by Pietry » 03 Aug 2009, 07:58

blastbeat wrote: in some clients its even impossible to copy paste the CID
I don't think it's a protocol fault that clients don't have a simple command as get cid. Current clients are far from supporting all ADC can bring and I don't think hubs need to supply for their lacks ( implement commands that the client should have )
Just someone

Pietry
Senior Member
Posts: 328
Joined: 04 Dec 2007, 07:25
Location: Bucharest
Contact:

Re: To CID or not to CID

Post by Pietry » 03 Aug 2009, 07:59

I also like registering by CID because it gives users a lot more freedom. Better to have more possibilites and let the hubowner restrict them, then don't have any at all.
Just someone

blastbeat
Member
Posts: 53
Joined: 10 Jan 2008, 19:56
Contact:

Re: To CID or not to CID

Post by blastbeat » 05 Aug 2009, 21:45

a solution for the CID issue would be to assign exactly one SID per CID, and remember it in a session. so when an user logs in again he gets the same SID as before. storing 1000s of SID - CID pairs on the other hand is a bit painful and only practical on small hubs with stable user base

adrian_007
Senior Member
Posts: 126
Joined: 06 Jan 2008, 13:00

Re: To CID or not to CID

Post by adrian_007 » 05 Aug 2009, 23:02

i hope you know SID states for Session ID ...

blastbeat
Member
Posts: 53
Joined: 10 Jan 2008, 19:56
Contact:

Re: To CID or not to CID

Post by blastbeat » 05 Aug 2009, 23:40

so what?

Pietry
Senior Member
Posts: 328
Joined: 04 Dec 2007, 07:25
Location: Bucharest
Contact:

Re: To CID or not to CID

Post by Pietry » 06 Aug 2009, 07:53

blastbeat wrote:a solution for the CID issue would be to assign exactly one SID per CID, and remember it in a session. so when an user logs in again he gets the same SID as before. storing 1000s of SID - CID pairs on the other hand is a bit painful and only practical on small hubs with stable user base
I don't know if this actually solves the problem, but rather breaks the protocol idea, what's the point in using both sids and cids then ?
Just someone

blastbeat
Member
Posts: 53
Joined: 10 Jan 2008, 19:56
Contact:

Re: To CID or not to CID

Post by blastbeat » 06 Aug 2009, 10:01

save bandwidth, nick independency i guess. if i remember correctly, in the first versions of the protocol the CID was used instead of a SID

Locked