Technical Details

Architecture Overview

Honse Farm's architecture builds on the proven foundation of Mare Synchronos while adding federation capabilities. The system uses cryptographic authentication, distributed server discovery, and gossip protocols to create a resilient network.

Core Components

Client Plugin

A single Dalamud plugin maintained by experienced .NET developers serves all federation servers. The plugin handles:

  • Character data synchronization
  • Cryptographic identity management
  • Server connection and failover
  • Integration with Glamourer, Penumbra, and other plugins

Server Network

Independent servers run standardized software and communicate using shared protocols. Each server:

  • Maintains its own user base
  • Participates in the federation network
  • Discovers and connects to other servers
  • Handles player authentication

Federation Protocol

Servers cooperate using:

  • DNS-based bootstrap for initial network entry
  • Gossip protocol for ongoing network awareness
  • Ed25519 cryptography for all authentication
  • Standardized APIs for interoperability

Server Discovery

New servers join the federation through a two-phase discovery process:

DNS Bootstrap

Federation networks use DNS TXT records for initial server discovery:

v=honse1 servers=server1.domain.com:port,server2.domain.com:port bootstrap=true

Bootstrap Flow:

  1. New server queries DNS TXT record on configured bootstrap domain
  2. Extracts server list from standardized format
  3. Attempts connection to each bootstrap server
  4. Performs server identification and capability exchange
  5. Requests current network topology
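Steps 1 and 2 of the bootstrap flow, as an added example (not Honse Farm's own code): a strict parser for the TXT format shown above that treats the DNS answer as untrusted input. The function name, the rejection rules and the skipping of unknown keys are assumptions; the page defines only the record layout.

```go
package main

import (
	"fmt"
	"net"
	"strconv"
	"strings"
)

// ParseBootstrapTXT parses "v=honse1 servers=h:p,h:p bootstrap=true". DNS answers
// are untrusted input, so a malformed record is rejected as a whole.
func ParseBootstrapTXT(txt string) (servers []string, bootstrap bool, err error) {
	fields := strings.Fields(txt)
	if len(fields) == 0 || fields[0] != "v=honse1" {
		return nil, false, fmt.Errorf("not a v=honse1 record")
	}
	seen := map[string]bool{"v": true}
	for _, f := range fields[1:] {
		key, val, ok := strings.Cut(f, "=")
		if !ok || seen[key] {
			return nil, false, fmt.Errorf("malformed or duplicate field %q", f)
		}
		seen[key] = true
		switch key { // unknown keys are skipped (assumed, for forward compatibility)
		case "servers":
			for _, s := range strings.Split(val, ",") {
				host, port, herr := net.SplitHostPort(s)
				p, perr := strconv.ParseUint(port, 10, 16) // 16 bits caps the port at 65535
				if herr != nil || perr != nil || host == "" || p == 0 {
					return nil, false, fmt.Errorf("bad server entry %q", s)
				}
				servers = append(servers, net.JoinHostPort(host, strconv.FormatUint(p, 10)))
			}
		case "bootstrap":
			if val != "true" && val != "false" {
				return nil, false, fmt.Errorf("bad bootstrap value %q", val)
			}
			bootstrap = val == "true"
		}
	}
	if len(servers) == 0 {
		return nil, false, fmt.Errorf("record lists no servers")
	}
	return servers, bootstrap, nil
}

func main() {
	// Constructed sample record; the example.org host is a placeholder.
	fmt.Println(ParseBootstrapTXT("v=honse1 servers=a.example.org:5000 bootstrap=true"))
}
```

A parsed entry is only a candidate address: the identification and capability exchange in step 4 is what establishes which server actually answered.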

Bootstrap Management:

  • Primary bootstrap domains run by maintainers
  • Secondary domains (trusted community servers) added as trust develops
  • Servers can override with custom bootstrap domains

Gossip Protocol

After bootstrap, servers use gossip to maintain network awareness:

Server Membership Updates:

  • Announcements of servers joining the federation
  • Notifications when servers leave gracefully
  • Updates to server contact information and capabilities

Network Topology Information:

  • Currently reachable servers
  • Server status and availability updates
  • Discovery of previously unknown federation members

Gossip Timing:

  • Regular gossip rounds at intervals with random peers
  • Immediate gossip for critical events (new servers, failures)
  • Prevents network fragmentation and isolation

Server-to-Server Security

All federation communications use cryptographic authentication to prevent unauthorized access and tampering.

Ed25519 Cryptography

The federation uses Ed25519 for strong security and fast signature generation.

Key Generation (Server Startup):

  1. Generate random 32-byte private key and derive public key
  2. Store private key securely with appropriate file permissions
  3. Publish public key via .well-known/* endpoint
  4. Private key persists across server restarts

Key Rotation:

  • New keys announced through gossip protocol
  • Old keys remain valid during transition period (default: 24 hours)
  • Gradual migration ensures network compatibility

Signed Requests

Every server-to-server API request includes a cryptographic signature:

  1. Create Canonical Request: Standardized representation of the request
  2. Generate Signature: Ed25519 signature using server's private key
  3. Attach Signature: Include signature in request header
  4. Include Key ID: Reference to public key for verification

Signature Verification:

  • Check cached public keys first
  • On cache miss/expiry, fetch public key from .well-known endpoint
  • Verify signature matches request content
  • Reject tampered or unauthorized requests
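The signing and verification steps above, together with the key-rotation window, as an added example (not Honse Farm's own code). The canonical request layout, the field names, the key ID "k1" and the "/sync" path are assumptions; the page does not specify them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
	"time"
)

// Request holds the signed parts of a server-to-server call (assumed layout).
type Request struct {
	Method, Path, KeyID string // KeyID names the signer's public key
	Body, Sig           []byte // Sig would travel encoded in a request header
}

// CachedKey is a peer key; RetiredAt is set once gossip announces a successor.
type CachedKey struct {
	Pub       ed25519.PublicKey
	RetiredAt time.Time
}

const transition = 24 * time.Hour // the page's default transition period

// canonical is the byte string both sides sign: method, path, key ID, body hash.
func canonical(r Request) []byte {
	return []byte(fmt.Sprintf("%s\n%s\n%s\n%x", r.Method, r.Path, r.KeyID, sha256.Sum256(r.Body)))
}

// Sign sets the key ID and attaches the Ed25519 signature.
func Sign(r Request, keyID string, priv ed25519.PrivateKey) Request {
	r.KeyID = keyID
	r.Sig = ed25519.Sign(priv, canonical(r))
	return r
}

// Verify accepts a request only if its key is cached, still inside the
// rotation window, and the signature matches the canonical request.
func Verify(r Request, cache map[string]CachedKey, now time.Time) bool {
	k, ok := cache[r.KeyID] // on a miss a server would fetch .well-known and retry
	live := ok && (k.RetiredAt.IsZero() || now.Before(k.RetiredAt.Add(transition)))
	return live && ed25519.Verify(k.Pub, canonical(r), r.Sig)
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	r := Sign(Request{Method: "POST", Path: "/sync", Body: []byte("{}")}, "k1", priv)
	fmt.Println(Verify(r, map[string]CachedKey{"k1": {Pub: pub}}, time.Now()))
}
```

The canonical form here carries no timestamp or nonce, so it demonstrates tamper detection only and does not show replay protection.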

Player Authentication

Players prove their identity through Square Enix's Lodestone service, which serves as an external authority that cannot be manipulated by federation servers.

Authentication Flow

  1. Plugin Installation: Player installs the Honse Farm plugin
  2. Key Generation: Ed25519 key pair generated for the player
  3. Server Selection: Player chooses their home server
  4. Lodestone Challenge: Home server issues verification challenge
  5. Identity Verification: Two or three trusted federation servers verify Lodestone identity
  6. Key Binding: Player's public key bound to verified character on home server

Key Management

Character-Based Keys:

  • One private key per character (no account-wide keys)
  • Simplifies management and avoids Account ID issues

Key Storage:

  • Private key stored securely on player's device
  • Mnemonic phrase backup option for easy restoration
  • No password or session token needed

Key Recovery:

  • Lost keys recovered by re-verifying on Lodestone with home server
  • Resets player's cryptographic identity
  • Player must re-establish connections

Multi-Device Support:

  • Export/import key using mnemonic phrase
  • Simpler than file transfer
  • One key per player keeps management simple

Cryptographic Operations

After authentication, players use Ed25519 signatures for all operations:

  • No passwords or session tokens required
  • Strong authentication for cross-server interactions
  • Tamper-proof character data synchronization

Network Resilience

The federated architecture provides multiple layers of resilience:

No Single Point of Failure:

  • If one server goes offline, network continues operating
  • Players can switch to different servers
  • Data remains accessible through federation

Distributed Knowledge:

  • Gossip protocol ensures all servers know network topology
  • New servers automatically discovered
  • Network self-heals from partitions

Cryptographic Trust:

  • Server identity cannot be spoofed
  • Player identity verified by external authority (Lodestone)
  • All communications authenticated and tamper-proof