Guns Auth indev

This page will be deleted and its data merged into Guns Lobby Protocol after I'm done cogitating on it, but for now I'll use it as a whiteboard.

Here's how I see a sample session for auth:

Sample Session
Legend: >>> messages from client to server <<< messages from server to client
 * 1) comments

>>> (socket.connect) <<< (socket.accept, etc) >>> SID (server ID) <<< CID (client ID) >>> AUT (something like sha-1 of (time, other stuff) encrypted with server private key) (client decrypts the above using server's public key, then...) <<< AUT (decrypted data from server, re-encrypted with client private key) (server decrypts with client pubkey, validates client altogether)
 * 1) further encrypt with server public key? would this help?

Server and client IDs
These things should be some unique identifiers to allow server and client to look up appropriate public keys in their key cache/on the metaserver.

Anonymous servers
A server can be completely anonymous -- i.e. have no key -- in which case its server ID is "anonymous". Otherwise, the server ID is a string set in data/server.cfg that matches a setting on the metaserver.

Server IDs are only available to paying clients (unless they're willing to hack a few things and restrict themselves to similarly hacked clients (note, I'm using hack in its non-destructive meaning)).

Metaserver
Resides somewhere like meta.guns-game.com or whatever (initially probably guns.narc.ro/meta) and provides a lookup for public keys. Simple RESTful API probably involves just GETting /key/(client|server)/&lt;id&gt;. HTTP cache control headers can define key caching times. This should be really easy to scale to demand.

Public/private keys
Plain old RSA keys assigned to server and client. We're not doing full SSL auth here, we just need to allow client and server to authenticate without passing passwords around and without putting too much strain on the metaserver (which is a weakpoint in any setup that needs one). Administration probably ingame, possibly for both, with a https web interface somewhere like secure.guns-game.com (initially probably secure.narc.ro/guns).