[sldev] OpenID & SSL certificates
Dzonatas
dzonatas at dzonux.net
Tue Oct 2 16:44:14 PDT 2007
Argent Stonecutter wrote:
> On 02-Oct-2007, at 12:41, Dzonatas wrote:
>> Does the mere attempt to move authentication (as it exists now) from
>> the viewer to the web-site change anything?
>
> Absolutely.
It is an illusion. One is 2D and the other is virtual 3D on 2D.
>
> Given that it's using plaintext passwords over an unencrypted
> connection, there's nowhere to go but up. I just want to make sure
> that the road leading upward doesn't end up in a dead end.
The best anti-phishing mechanism still does not solve the bottom line
goal of anti-fraud. It is not just the login that matters, but there is
the need to verify identity. The login itself can not help verify real
identity, as it just allows anyone pass that knows the secret word. The
login does, however, need to be implemented in a way that people can
still enjoy anonymity.
If someone breaks the login, then we are screwed if there is no
anti-fraud measure. It would be comparable to the famous disruption at
the Anshe Chung interview... they couldn't stop it or tell who really
caused it!
It could have been worse (legally) especially if the teen grid and main
grid were united. (Yes, I would love to see these grids united, as
families belong together!)
--
Power to Change the Void
More information about the SLDev
mailing list