[sldev] [META] Formal critique of new auth mechanism?

Argent Stonecutter secret.argent at gmail.com
Sat Sep 29 13:15:08 PDT 2007


On 29-Sep-2007, at 14:55, Callum Lerwick wrote:
> I'm not seeing much clarity on what exactly we're trying to fix here.

Me neither. Linden Labs wants more clarity from us; I think we need
more clarity from them. If we come up with a solution to fight
phishing and they are really trying to solve some other problem it's
not going to help.

> The original message said something about phishing attempts. That's
> easily solved by using SSL and having the client strictly check that
> certificates match the grid it is expecting to connect to.

But let people override the check if they choose to... so they can
connect to unsigned grids, so they can use their own smart proxies,
so that they can still get in when something's broken at LL (right
now I'm getting squid proxy errors from the SL web pages!) etc.

> If the worry is untrusted *clients*, well that's a whole different
> issue. And not a new one either. As Trusted Computing has yet to be
> signed into law, this is simply not under Linden Lab's control. It's in
> the user's hands. It's up to the user to decide what operating systems,
> web browsers and SL clients they trust.

Yah, unless you go down the route of the combat MMORPGs and put
checks to ensure you're using an unmodified client with no debuggers
running, this is out of your hands... and if someone had distributed
a compromised client the big bucks wouldn't be in stealing passwords.
