CID, PID ? Authentication or Identification
Posted: 23 Jan 2009, 10:24
That's right, this post is very controversial, it's about the CID/PID pair.
Some people hit me with the following question: the CID/PID is completely useless since a hub can easily find them out and impersonate somebody else. That's true, but the CID/PID were never supposed to be an authentication method. ADC uses passwords for that.
One of the NMDC flaws that is addressed by the CID/PID pair is the following: one could not identify a certain fellow user on different hubs. This way, the same user could leech from you on every hub you were both connected to. Also, you could have a PM session with the same user on every hub as well.
On ADC, using the CID/PID pair, you have just one connection and one PM, that for smart clients (...)
DC++ for example will display in the title bar all the nicks under the different hubs the user is found in.
Also, registration is made on CID. What does that mean? One can use any nick to connect. This addresses the NMDC flaw where every user is identified solely by nick.
Now the big question is: why not have a single ID, CID, without the PID in the back? Earlier ADC versions (0.5 or 0.6 draft) had this feature. A single CID.
From what I know, cologic had the idea of using the pair, and he had some reasons for using it. I can't remember a better reason right now, but I hope someone will, or I will remember and post back.
My guess is: if you want to authenticate on some hub use CID + password. CID alone wasn't meant for that.