cmd/ssl-team-client/README.md
Lines changed: 12 additions & 1 deletion
@@ -7,7 +7,7 @@ The communication is established with a bidirectional TCP connection. Messages a
7
7
8
8
The .proto files can be found [here](../../pkg/refproto).
9
9
10
-
The default port is `10008`. The IP to connect to can be determined using the multicast referee messages.
10
+
The default port is `10008` for plain connections and 10108 for TLS encrypted connections. The IP to connect to can be determined using the multicast referee messages.
11
11
12
12
## Connection Sequence
13
13
The connection is described in the following sequence diagram:
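Review bot: On the added default-port line, 10108 is written without backticks while `10008` keeps them, and "TLS encrypted" should be hyphenated; suggest "The default port is `10008` for plain connections and `10108` for TLS-encrypted connections." The line also does not say whether both ports are always open or whether TLS has to be enabled on the controller, which a client author needs to know before choosing one.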
@@ -29,6 +29,17 @@ The controller sends a token with each reply. It must be included in the next re
29
29
30
30
If a public key is present for the team name provided during registration, a signature is required. Else, the signature is ignored. The controller reply indicates, if the last request could be verified.
31
31
32
+
### A note to security
33
+
There are currently two ways to secure the connection. Both are optional. And actually, even if you implement both, the connection is not 100% secure. This is, because the game-controller will be accessible by everyone during a tournament. So putting a private key/secret on the game-controller PC is no solution, as we can not keep it private.
34
+
35
+
If you provide your public key and keep your private key secret, all messages, sent by you, can be verified by the game-controller. So, only you can change a keeper or reply to an advantage choice.
36
+
However, messages from the game-controller can not be verified. They might even be dropped. Using TLS makes it a bit harder to manipulate the connection with quite little effort (because most languages have libraries for it), but the server key could still be stolen from the game-controller computer.
37
+
38
+
You have the choice to either skip the security layers completely and trust the community or to implement one or two of the security layers, just to be sure.
39
+
Providing the public key will at least help in avoiding that other teams accidentally connect as a wrong team.
40
+
41
+
Ideas on how to make the protocol more secure without making it significantly more complex are welcome.
42
+
32
43
## Sample client
33
44
The sample client, that is included in this folder, can be used to test the connection. It can be run with
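Review bot: The added section opens with "There are currently two ways to secure the connection" but never names them; from the surrounding text they appear to be the public-key signature on team requests and TLS, and naming both in that first sentence would make the following paragraphs easier to follow. The TLS paragraph should also state whether clients are expected to verify the server certificate and where they would obtain it, since the text only notes that the server key could be stolen from the game-controller computer. Minor wording: the heading reads better as "A note on security", "can not" should be "cannot", and "This is, because" needs no comma.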