[sldev] [IDEA] Signed Client Logs

[Dale Glass]

On Tuesday 13 November 2007 04:19:42 Chosen Raymaker wrote:
> BASIC IDEA
> 1) Each message sent from the server to the client is digitally signed.
Who makes the signature, the server? And which server are we talking about, 
LL's?

The LL servers seem very overloaded already, the extra load of signing 
stuff may be too much.

> 2) The client records all messages along with their signatures in a log.
> 3) When a complaint is filed against the user, the client may send any
> logs relevant to the incident back to the server.
> 4) The server can now make an informed decision on the complaint.
Why does the client need to send back anything? If the server delivered 
signed messages it might have as well logged them as well.

> REVISED IDEA
> Only important messages sent from the server to the client are digitally
> signed and logged by the client.
If the client does the signing, then the client can intentionally don't 
sign or create a bad signature.

> RE-REVISED IDEA
> The server generates a checksum for each block of, say, 100 important
> messages sent to the client.
> Each checksum is digitally signed and logged by the client, along with
> the corresponding messages.
What are important messages? What if your conversation is less than 100 
messages long? And if this includes all messages, do you want to reveal 
unrelated conversations happening at the same time?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20071113/17c4432f/attachment.pgp