1 BIG missing thing

[Archangel]

I agree on all points about the security of GUIDs, I just wanted to point out that the proposed player IDs are not different from the GUIDs that we already have.

Very true.

I wouldn't go the TLS route however, first it doesn't even work on UDP links

Then make it work.

and second you have to setup that whole PKI structure with Certification Authorites etc. to make it work.

Perhaps a simpler system, TLS-like?

That's much to complicated for a computer game in my opinion.

But, it would work.

[Bissig]

You don't need CAs. The servers check the preinstalled cert to match the master servers cert.

I like the idea Archangel proposed. This would stop the aliasing problem (I don't mind regular players aliasing, but admins... it is just annoying). Aslong as it does not become a prerequisit like the Steam system it should be doable/acceptable.

[Jek]

We could just do a system similar to EVERY MMORPG SOLD IN NORTH AMERICA.

A simple username/password tied to an account. Stats would be account based and thereby it would allow name changes. Authentication could be server-side to prevent modding your account.

[Archangel]

Note how I emphasized *optional* ?

[mooseberry]

I just wanted to point out that the proposed player IDs are not different from the GUIDs that we already have.

Except that guids can be changed anytime, player IDs won't be able to be.

[Archangel]

player id != ingame name. Would simply be an id that might show up in !listplayers/!namelog,

[kevlarman]

I just wanted to point out that the proposed player IDs are not different from the GUIDs that we already have.

Except that guids can be changed anytime, player IDs won't be able to be.

this is impossible.

[Archangel]

Nothing is impossible.

[CreatureofHell]

Apart from impossible things 

[Urcscumug]

Seriously, there's nothing other than the IP address to uniquely identify a player. And even that poses problems in false positives, seeing how some ISP's rotate the IP allocation to their customers, or how more than one player may try to connect from behind the same IP with NAT. And "bad people" can get proxies.

You can also try to tie accounts to email addresses but it's not like there's a problem getting 100 of those at the drop of a hat.

So if the issue is identifying people perfectly, it's not possible, short of asking them to fax you a copy of their driver's license. The only thing you can do is associate incentives with keeping the same account for longer periods of time, so they'd be reluctant to ditch them. Goes the other way too: make it so that servers can be told to only accept accounts that have been registered for at least a few days, for example, so there'd be no "register account and 2 minutes later I'm server hopping and deconning".

[Archangel]

Yay, a waiting period to start playing a game!

[Bissig]

Proposal:

Anyone buying a shirt from MoF gets a secret pin printed on the shirt (don't worry: it will be printed on the INSIDE ;-P) and usable as a login credential that gives them instant L2 or whatever reward the server owners can think of. This should keep kids off the trem streets...

[Urcscumug]

@Archangel: That's the downside: you gain something at the expense of other things.