[sldev] OpenID & SSL certificates

[Ryan McDougall]

On Mon, 2007-10-01 at 08:36 -0500, Argent Stonecutter wrote:
> On 01-Oct-2007, at 04:19, Ryan McDougall wrote:

Sorry this should have been one mail...

> The solution is to not worry about that case

I think this discussion is suffering from a serious lack of
clarification on exactly what case we are trying to fix. I'd love to
hear from Sabin what he thinks of the discussion, and what use cases he
is after.

> is legit. You go to J Random User's public website, and if it's  
> crocked, Linden Labs can subpoena his identity from the ISP and lay  
> down a legal pimpsmack.

Thats exactly why my second solution, which no one seems to be
commenting on, is all about taking the burden off the user with all this
OpenID, custom URL handlers, SSL certs rot -- where the complexity and
thus chance of failure is high, and go to certifying the _Identity_ of
the binary provider (so LL can sue, as you state).

Its not hard, it covers the case well enough to make a difference, and
is easy enough to do in a way that makes things fair and open to any
potential viewer distributor.

Cheers,