Roles: (They are all standard names for this kind of thing but why not) Alice

1. Roles: (They are all standard names for this kind of thing but why not)
2.  
3. Alice (The end user / the minecraft client software)
4. Bob (The Minecraft Server the user wants to connect to)
5. Trent (The Minecraft.net Server)
6. Eve (The hacker who is trying to impersonate Alice and connect to Bob)
7. Before anything happens, Alice generates an RSA Keypair and both Alice and Bob get a verified copy of Trent's public key wrapped in a certificate with full chain of trust signatures resolved which is also fully valid for login.minecraft.net.
8. Alice's public key will be known as APK.
9. Trent's public key will be known as TPK.
10. This proposition includes alternate verification. Standard login is known as protocol 14A. The optional extension is known as 14B. 14B can only be used if 14A has been used recently (Specifically if APK's hash is still present and valid in Alice's revokation list)
11.  
12.  
13. // LOGIN PROTOCOL 14A
14. First, Alice generates a random nonce known as ARN. She then encrypts her Password using this Nonce as the key, the result of which is known as AEP. Then, she encrypts the Nonce and the encrypted password using TPK. This result is known as TEP.
15. Alice connects to Trent (The connection from earlier can be reused if it's still valid).
16. Alice sends Trent her Username, TEP, and her Public key and that she's logging in using protocol 14A.
17. Trent now begins decrypting TEP.
18. He decrypts TEP using his Private key, and gets ARN and AEP.
19. Then, using ARN as the key, he decrypts AEP to get Alice's password.
20. Then, he checks to make sure Alice's password is correct.
21. Now that Alice has verified, he generates a login certificate containing APK, Alice's username, and a timeframe for which the certificate is valid and signs it.
22. The signed Login Certificate for Alice is now known as ALC.
23. /* The following is only used if Trent wishes to implement Protocol 14B.
24. He also stores a hash of APK in Alice's revokation list.
25. If this hash is already there, it simply updates the last used time.
26. Note that if a hash is not used in a timespan is CAN be removed from Alice's revokation list.
27. Also note that Trent can limit the number of hashes per user.
28. */
29. Trent then gives Alice ALC encrypted with Alice's public key. // Fixes replay attacks
30. Alice decrypts ALC with her Private key, and then verifies it has her public key and Username, and verifies the signature using TPK.
31. Alice Disconnects.
32.  
33. At this point, the following is true.
34. APK: Public
35. TPK: Public (Verified)
36. ALC: Public (Signed) (Verified)
37. ARN: Secure
38. AEP: Secure
39. TEP: Public (Encrypted with TPK)
40. Alice's Username: Public (Verified)
41. Alice's Password: Secure (Verified)
42.  
43.  
44. // LOGIN PROTOCOL 14B
45. Alice requires a signed and verified copy of ALC AND the matching private key for this protocol. If she does not have it, she has to fallback to protocol 14A. This signed copy of ALC and Alice's private key should only be saved to disk if the user specifically selects Save Login Credentials.
46. Alice connects to Trent and sends Trent ALC and that she's logging in using protocol 14B.
47. Trent verifies that ALC is valid.
48. He then generates a hash of APK and checks it versus Alice's revokation list.
49. If it is not there, authentication fails.
50. If timeouts are required, and it's out of date, Authentication fails.
51. If authentication has failed, Trent tells Alice that it has failed with the reason, informing her to fall back to Login Protocol 14A. // No reason to sign this: If the message is altered it's still not going to return a properly updated ALC.
52. If the hash is there and valid Trent updates the signature on ALC as well as updating the Valid timeframe.
53. The updated ALC is then encrypted using the contained APK and sent to Alice.
54. Alice decrypts her new copy of ALC and has authenticated sucessfully.
55.  
56. At this point, the following is true.
57. APK: Public
58. TPK: Public (Verified)
59. ALC: Public (Signed) (Verified)
60. Alice's Username: Public (Verified)
61. Alice's Password: Secure (Verified via ALC)
62.  
63.  
64. // NOTES WITH PROTOCOL 14B
65. If Alice changes her Password using the Minecraft.net website, ALL SAVED HASHES IN HER REVOCATION LIST SHOULD BE REMOVED.
66. The Minecraft.net website should also support viewing and removing hashes in the revocation list. This should include the IPs that last used those hashes (Both Alice's and Bob's), and when they were last used, so that in case a copy of a copy of ALC and Alice's Private key was aquired without Alice knowing, she can disable usage of it when she finds out.
67.  
68. // SERVER CONNECTION
69. Alice now wishes to connect to Bob.
70. Alice connects to Bob and sends Bob ALC.
71. Bob verifies ALC's signature using TPK, as well as verifying that the Timeframe is valid.
72. /* The following is only used if Trent wishes to implement Protocol 14B.
73. Bob then generates a hash of APK. He then encrypts this hash, Alice's Username, and Alice's IP using TPK. This result is known as BRR.
74. Bob attempts to contact Trent, sending BRR.
75. If Bob is unable to connect to Trent, authentication resumes, but Bob should log BRR for later, and should routinely contact Trent to attempt to verify BRR until it is verified sucessfully. If BRR is found to be revoked later, the server should drop Alice and possibly roll back changes to access lists.
76. Trent decrypts BRR.
77. Trent then compares the hash against Alice's Revokation list.
78. If the hash is not there, Trent tells Bob to refuse the connection saying that ALC has been revoked. This message should be signed, and verified with TPK by Bob upon receipt.
79. Trent responds to Bob saying to allow the connection, and that is has been verified as valid. This message should be signed, and verified with TPK by Bob upon receipt.
80. Trent now adds a log to the hash saying Alice's IP address (from BRR) and Bob's IP address, as well as the time. This information should be available on the revokation website as per Notation for Protocol 14B.
81. Trent also sends Alice's and Bob's IP to the stats server for tracking purposes.
82. */
83. Then, he generates a random key known as CSK and encrypts it with APK, which is known as ESK.
84. Bob then sends Alice ESK.
85. Alice decrypts ESK using her Private key to get CSK.
86. From this point on, all traffic is encrypted with CSK using a Stream cipher. Packets can optionally include a MAC if that type of packet is flagged as security critical, such as Chat packets. If a packet if flagged as security critical and the mac is not there or not valid that packet is dropped entirely OR Alice is disconnected from the server.
87.  
88. At this point, the following is true:
89. APK: Public
90. TPK: Public (Verified)
91. ALC: Public (Signed) (Verified)
92. CSK: Secure
93. ESK: Public (Encrypted with APK)
94. Alice's Username: Public (Part of ALC) (Verified)
95. Alice's Password: Secure (Not transferred) (Verified via ALC)