[sldev] Re: [META] Formal critique of new auth mechanism?

Nicholaz Beresford nicholaz at blueflash.cc
Sat Sep 29 16:03:46 PDT 2007


Rob Lanphier wrote:
 > We generally respond a lot better when light is shed on a problem rather
 > than heat.  While I think the conversation so far has been very civil,
 > it's only now getting organized, so that's what I'm focusing on.
 >
 > That's not to say that we won't respond to the issues that smaller
 > groups have, but I want to make sure we're apply our energy in the right
 > proportions.

I think (and would be surprised otherwise) there currently consensus among
those who replied here on the list that ...

1) the new auth mechanism does nothing to significantly increase security
    in terms of protecting user assets from malicious viewers (once the
    viewer is logged in, you're at the mercy of the viewer, no matter how
    you logged in)

2) the new auth mechanism  makes login to SL cumbersome and breaks many
    ways in which people are currently using SL (alts, switching between
    viewers, etc.)

3) the new auth mechanism will make it impossible for some environments
    to log in from at all (proxies, firewalls, security software, ...)
    or prevent specific forms of viewers (lean viewers, mobile systems,
    viewer on a memory stick, ...)

4) the new auth mechanism will break existing applications (bots, libsl,
    etc.) and these will have to work around these.

5) Allowing these (4) to work around it, means that 3rd party viewers can
    also work around it, meaning that you'll end up with 3rd party viewers
    which are a lot more convenient than the official viewer, essentially
    driving people away from the official viewer.

6) other mechanisms exist, which a) actually increase security and which
    b) do not break existing use and c) are less cumbersome

7) (this is my personal addition but I'd be amazed if anyone disagreed)
    people are losing a lot more assets and value through Linden
    malfunctions (lost inventory,  search & classifieds being not seen
    because of outages, etc.) than have ever been lost through spoofing
    or malicious viewers.

8) __whatever mechanism is implemented, should be a *choice* with the__
    __existing mechanisms remaining in place__

9) (see (8) )

10) (see (9) )


Bottom line is that the new auth mechanism is something that offers neglectible
improvement in security and will cause countless problems or developer hours
on both sides.


Nick


(Matt, feel free to copy that to the Wiki)

---
Second Life from the inside out:
http://nicholaz-beresford.blogspot.com/


More information about the SLDev mailing list