[sldev] More about viewer auth in today's RC

[Tateru Nino]

Phoenix wrote:
> On 2007-12-04, at 16:23, Tateru Nino wrote:
>> Jason Giglio wrote:
>>> Tess Chu wrote:
>>>> part of the system that is necessarily shrouded in the most secrecy
>>>> (since we are trying to keep the bad guys out).  Though we fully
>>>> expect
>>>
>>> If a security system relies on secret algorithms to be effective, it's
>>> worthless.
>> I'd have to go with Jason here. It _does_ sound like you're preaching
>> security-through-obscurity. Please, please, please, please correct us if
>> we misinterpreted what you meant.
>>
>> I'd also love to hear that the bit being kept secret isn't "This is a
>> part of the streambase integration" - I mean, that's all over the news,
>> but hasn't been mentioned here.
>>
>
> The quote is pretty unfair. To add some context:
>
> On 12/4/07, Tess Chu <tess at lindenlab.com> wrote:
> > (since we are trying to keep the bad guys out).  Though we fully expect
> > Second Life to become more open over time, there will always need to be
> > secrets.  We are, after all, not planning on publishing the root
> > password for our systems any time soon.
>
> I admit it freely -- if we give out a password, the system can be
> compromised. We are not employing any kind of homespun security system.
>
My misunderstanding - issues like passwords and keys I thought were
implicit. Apologies to Tess - it looked a whole lot to some of us like
she(?) was talking about goals, policies, procedures and algorithms.
It'd be pretty silly for us to assume that administrative credentials
were a matter for discussion.

-- 
Tateru Nino
http://dwellonit.blogspot.com/