[sldev] OpenID & SSL certificates
Ryan McDougall
ryan at ngigroup.com
Mon Oct 1 02:19:38 PDT 2007

Excuse my ignorance, but I was pretty sure secure token exchange was a
solved problem: when you register your account, you create a
Public/Private key set, and give the public key to Linden. When you log
in you do the exchange and receive a private, temporary authorization
token. While this might have usability issues, it's certainly solvable,
even if you just hand out a small "LL Acme PKI Keygen Magic-Tool" (based
on GPG).

Of course this brings us back to the original use case, an adulterated
client viewer source (where once you access, the game is up no matter
what).

So then the solution must be to not trust the viewer. Either:

1. Make a hard dependency on a system-installed key exchange system.
This would reduce the security problem to one of breaking the OS's
security, and thus we would wash our hands of it, not solve it.
On Linux this would be easy, but I don't know what MS or Apple provides
for their systems.

2. Put the security burden on distributors by creating a protocol that
identifies the source of the viewer binary, so at the least you always
know where your adulterated viewer came from.
Say that unless the viewer distributor places a digital signature on an
LL server along with the downloader's name, LL will pop up a
warning that the viewer is not known to LL and may be adulterated.

Once again, apologies if I have totally missed the point. I look forward
to being corrected. :)

Cheers,
Ryan
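
The register-then-login exchange described in the message above, sketched as an added example that is not part of the original post or of any Linden Lab code. The `Server` type, the choice of Ed25519, the user name and the 15-minute token lifetime are all assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"time"
)

// Server is a hypothetical login service; it stores public keys, never private ones.
type Server struct {
	keys     map[string]ed25519.PublicKey // registered at account creation
	nonces   map[string][]byte            // one outstanding challenge per user
	sessions map[string]time.Time         // temporary token -> expiry
}

func random(n int) []byte {
	b := make([]byte, n)
	rand.Read(b)
	return b
}

// Challenge issues a fresh nonce that the client must sign.
func (s *Server) Challenge(user string) []byte {
	s.nonces[user] = random(32)
	return s.nonces[user]
}

// Login verifies the signature, burns the nonce, and issues a 15-minute token.
func (s *Server) Login(user string, sig []byte, now time.Time) (string, bool) {
	nonce, pending := s.nonces[user]
	delete(s.nonces, user) // single use: a captured signature cannot be replayed
	pub, known := s.keys[user]
	if !pending || !known || !ed25519.Verify(pub, nonce, sig) {
		return "", false
	}
	tok := hex.EncodeToString(random(16))
	s.sessions[tok] = now.Add(15 * time.Minute)
	return tok, true
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // private key stays on the client
	s := &Server{map[string]ed25519.PublicKey{"ryan": pub}, map[string][]byte{}, map[string]time.Time{}}
	sig := ed25519.Sign(priv, s.Challenge("ryan"))
	_, ok := s.Login("ryan", sig, time.Now())
	_, replayed := s.Login("ryan", sig, time.Now())
	fmt.Println("login:", ok, "replay accepted:", replayed)
}
```

The exchange keeps the long-term secret off the wire and makes a captured signature useless, but the private key still has to be usable by the client, which is why the message goes on to say that an adulterated viewer defeats it.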