[sldev] Re: [META] Formal critique of new auth mechanism?

Rob Lanphier robla at lindenlab.com
Sat Sep 29 13:23:38 PDT 2007


On 9/29/07 12:55 PM, Dale Glass wrote:
> Looks good :-)
> BTW, by attaching a list of names I meant not attaching it to the whole 
> page, but to specific criticisms. Example:
>
> Viewer still involves running trusted code on the computer and could 
> initiate other attacks e.g. (Endorsed by Dale Glass, Nicholaz Beresford 
> and Gigs Taggart)
>
> And so on for each entry, as I imagine somebody will disagree with one part 
> or another, and checking what the page looked like at the time it was 
> signed is very burdensome.
>   


Well, I'm hoping that there's a large group here that can come up with a
single, well-worded critique that represents a broad consensus.  What I
/don't/ want is a laundry list of concerns that may only be shared by
one or two people.

My sneaky ulterior motive is to get you all throwing rocks at each other
rather than at us ;-)  I actually mean that in a constructive way:  I
suspect that there's a lot of you who sorta agree with one another, and
since you're vaguely united in opposing the new authentication proposal,
you aren't being very critical of one another's arguments.  Since there
are a lot more of you than the small team that's actually implementing
this, I'm hoping you can work together to sharpen your arguments, so
that we have something really substantive and sharply written to reply
to, rather than something really voluminous to reply to.

We generally respond a lot better when light is shed on a problem rather
than heat.  While I think the conversation so far has been very civil,
it's only now getting organized, so that's what I'm focusing on.

That's not to say that we won't respond to the issues that smaller
groups have, but I want to make sure we're apply our energy in the right
proportions.

Rob




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
Url : http://lists.secondlife.com/pipermail/sldev/attachments/20070929/6b16b8d4/signature.pgp


More information about the SLDev mailing list