[sldev] [META] Formal critique of new auth mechanism?

Callum Lerwick seg at haxxed.com
Sat Sep 29 12:55:44 PDT 2007


I'm not seeing much clarity on what exactly we're trying to fix here.

The original message said something about phishing attempts. That's
easily solved by using SSL and having the client strictly check that
certificates match the grid it is expecting to connect to. It's a solved
problem. Why aren't we doing it?

If the worry is untrusted *clients*, well that's a whole different
issue. And not a new one either. As Trusted Computing has yet to be
signed into law, this is simply not under Linden Lab's control. It's in
the user's hands. It's up to the user to decide what operating systems,
web browsers and SL clients they trust.

The former issue, of course, depends on the latter. If a user chooses
poorly, all bets are off.
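
The client-side check the message describes, as an added example that is not part of the original post or of any Second Life client code: the login URI must name the expected grid over https, the TLS layer must verify the chain and host name, and the server certificate must match a pinned hash. The host name `login.grid.example`, the pin set, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl
from urllib.parse import urlsplit

# Assumed for illustration: the grid host and a pin over constructed bytes.
EXPECTED_GRID = "login.grid.example"
CONSTRUCTED_CERT = b"constructed DER bytes standing in for the grid certificate"
PINS = {hashlib.sha256(CONSTRUCTED_CERT).hexdigest()}


def check_login_uri(uri, expected=EXPECTED_GRID):
    """Return (host, port) only for an https URI naming the expected grid."""
    parts = urlsplit(uri)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if parts.scheme != "https":
        raise ValueError("login URI must use https")
    if host != expected:  # exact match: no suffix, prefix or userinfo tricks
        raise ValueError("login URI names %r, expected %r" % (host, expected))
    return host, parts.port or 443


def strict_context(cafile=None):
    """TLS context that requires a valid chain and a matching host name."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def pin_ok(der_cert, pins=PINS):
    """Compare the SHA-256 of the DER certificate against the pinned set."""
    digest = hashlib.sha256(der_cert).hexdigest()
    return any(hmac.compare_digest(digest, p) for p in pins)


def open_grid_connection(uri):
    """Connect only if URI, chain, host name and pin all check out."""
    host, port = check_login_uri(uri)
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = strict_context().wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    if not pin_ok(tls.getpeercert(binary_form=True)):
        tls.close()
        raise ssl.SSLError("certificate does not match the pinned grid certificate")
    return tls
```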