[sldev] OpenID & SSL certificates

[Argent Stonecutter]

On 01-Oct-2007, at 22:18, Ryan McDougall wrote:
> I propose that an out of process PKI library be used to transfer an
> temporary authorization token to the client viewer. Once the token has
> been handed to the viewer, then the viewer can do anything to the  
> user's
> account. We rely on the server and the PKI system to only hand the  
> token
> off when the Private Key, located on the user's machine, matches the
> Public Key stored on the LL server (given over SSL during  
> registration).

> The security of the system would rely on the assumption that a
> compromised viewer cannot break the OS's security, and access the
> Private Key.

If the user has downloaded the viewer (voluntarily, by his choice)  
then why would the user prevent the viewer he downloaded from getting  
to the private key he created? The viewer is expected to be able to  
read this key. It doesn't matter whether the viewer is from Linden  
Labs or J Random hacker, the user's GOT to be able to grant it the  
rights to get whatever information it needs to log in to Second Life,  
otherwise why is he downloading it? It doesn't matter whether those  
rights are granted by typing in his password or by right-clicking on  
an icon and selecting "Allow this program to access my keychain" or  
by responding to a dialog from teh OS when it asks to access the  
keychain. The user has downloaded and installed the package, because  
the user wants to use it to play Second Life.

This isn't like your wife's Chase bank account, because your wife  
isn't downloading a third party Chase Bank Account Viewer.