[sldev] [IDEA] Signed Client Logs
Alissa Sabre
alissa_sabre at yahoo.co.jp
Wed Nov 14 16:38:28 PST 2007
Chosen,
> I'm active in a couple of groups related to SL local governance, and one
> problem we often come across is the issue of evidence in the virtual
> world. What can you trust in a world where everything is artificial? You
> can trust the server, but access to the server (i.e. server logs) is
> restricted.
I'm not sure what your goals are, even after reading this. I have a
feeling that the purpose of your *idea* is to help resolve
resident-to-resident issues as opposed to residents-to-operator
issues.
If my understanding is correct, and you are comfortable with the idea
that all parties 100% trust the operator (server), then the easiest
solution might be some official procedure in which the operator provides
their unaltered server log with an oath where required.
Who trusts whom is important here. Assume you sued me, and sent the
server log to the court. I could allege that you and the operator are
in conspiracy and the log is a forgery. Presence of the operator's
digital signature on the log doesn't change the case, since we all
know a malicious operator can digitally sign a false log file.
... but a discussion like this is not a technical one, and I'm
afraid someone on the list would say "Hey, SLDev is for technical
discussion only."
So, I'm making some more technical comments.
> 1) Each message sent from the server to the client is digitally signed.
> Only important messages sent from the server to the client are digitally
> signed and logged by the client.
These schemes don't work. In a log like this, not just the presence of a
message, but also the absence of some particular message is usually
important as evidence. If the server signs each message
separately, the receiver can remove some message that is at a
disadvantage to him from the log file.
So, you need to digitally sign some linkage/chaining information
between messages as well as the messages themselves. One technique is to
form a block that consists of a message and the digital signature
value from the previous message, and digitally sign the whole. This
way, you can prove the list of digitally signed messages was actually
sent in that particular sequence.
You can find a similar technique in the research on something called
"digital notary system." I recommend you read some papers in that
area, if you go further.
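The chaining technique described in the message above, as an added example that is not part of the original post: it signs a log once per message and once as a chain (previous signature plus message), then shows which scheme notices a removed entry. HMAC-SHA256 stands in for the server's digital signature so the code runs on the standard library alone; the key, function names and sample messages are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 is a stand-in for the server's digital
# signature; a real design would use an asymmetric signature so that the
# verifier does not hold the signing key.
SERVER_KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32  # "previous signature" used for the first message


def sign(data: bytes) -> bytes:
    return hmac.new(SERVER_KEY, data, hashlib.sha256).digest()


def sign_each(messages):
    """Scheme from the quoted proposal: every message signed on its own."""
    return [(m, sign(m)) for m in messages]


def verify_each(log):
    return all(hmac.compare_digest(sign(m), s) for m, s in log)


def sign_chained(messages):
    """Each block is the previous signature plus the message, signed whole."""
    log, prev = [], GENESIS
    for m in messages:
        prev = sign(prev + m)  # prev is fixed length, so the split is unambiguous
        log.append((m, prev))
    return log


def verify_chained(log, expected_last=None):
    """Recompute the chain; optionally pin the newest signature."""
    prev = GENESIS
    for m, s in log:
        if not hmac.compare_digest(sign(prev + m), s):
            return False
        prev = s
    return expected_last is None or hmac.compare_digest(prev, expected_last)


# Constructed sample chat lines.
MESSAGES = [b"A: I will pay 500", b"B: deal", b"A: payment sent"]


def drop(log, i):
    """Return a copy of the log with entry i removed."""
    return log[:i] + log[i + 1:]
```

Chaining catches removal or reordering of entries that have a successor in the log, but a log cut off at the end still verifies unless the verifier also learns the newest signature from somewhere other than the log itself (the `expected_last` argument here).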