[sldev] OpenID & SSL certificates

[Ryan McDougall]

On Mon, 2007-10-01 at 02:56 -0700, John Hurliman wrote:
> Ryan McDougall wrote:
> > Say that unless the viewer distributor places a digital signature on a
> > LL server along with the name of the downloader's name, LL will pop up a
> > warning that the viewer is not known to LL and may be adulterated.
> 
> As long as the adulterated viewer behaves and displays this warning to 
> the user, right?

Rez and in world object with a warning texture? Have the warning printed
on the LL website?

> ...

Oooh, dramatic pause. ;)

> 
> A users computer is acting as a proxy for the human to interact with 
> other systems, and to do this there is an implicit trust that the users 
> computer is accurately representing the user. In the current model of 
> personal computers and the Internet this is a fundamental law, and no 
> clever warning message or DRM system or UNIX permission model will ever 
> change that law unless you change the model (ala Trusted Computing, 
> which removes the implicit trust between the PC and the user).

No, but there is such a thing as cryptosystems. They are a fruitful area
of research by people smarter than you and I. A system that works mostly
is better than nothing. Don't confuse DRM with crypto. DRM is a system
of not trusting the user with their own computer, and often involves the
use of crypto.

You'll not what I'm advocating is using a crypto system to establish
_Identity_, not trust. In crypto research you start off always by
assuming you cannot trust anything. This is not easily confused with
"Trusted Computing (tm)".

Cheers,