[sldev] Re: [META] Formal critique of new auth mechanism?

[Barney Boomslang]

Yep, count me on for all the points Nicholaz lists here. Rob asked for
a concise criticism. I think Nicholaz did exactly that in this list.

bye, Barney

On 9/30/07, Nicholaz Beresford <nicholaz at blueflash.cc> wrote:
>
> Rob Lanphier wrote:
>  > We generally respond a lot better when light is shed on a problem rather
>  > than heat.  While I think the conversation so far has been very civil,
>  > it's only now getting organized, so that's what I'm focusing on.
>  >
>  > That's not to say that we won't respond to the issues that smaller
>  > groups have, but I want to make sure we're apply our energy in the right
>  > proportions.
>
> I think (and would be surprised otherwise) there currently consensus among
> those who replied here on the list that ...
>
> 1) the new auth mechanism does nothing to significantly increase security
>     in terms of protecting user assets from malicious viewers (once the
>     viewer is logged in, you're at the mercy of the viewer, no matter how
>     you logged in)
>
> 2) the new auth mechanism  makes login to SL cumbersome and breaks many
>     ways in which people are currently using SL (alts, switching between
>     viewers, etc.)
>
> 3) the new auth mechanism will make it impossible for some environments
>     to log in from at all (proxies, firewalls, security software, ...)
>     or prevent specific forms of viewers (lean viewers, mobile systems,
>     viewer on a memory stick, ...)
>
> 4) the new auth mechanism will break existing applications (bots, libsl,
>     etc.) and these will have to work around these.
>
> 5) Allowing these (4) to work around it, means that 3rd party viewers can
>     also work around it, meaning that you'll end up with 3rd party viewers
>     which are a lot more convenient than the official viewer, essentially
>     driving people away from the official viewer.
>
> 6) other mechanisms exist, which a) actually increase security and which
>     b) do not break existing use and c) are less cumbersome
>
> 7) (this is my personal addition but I'd be amazed if anyone disagreed)
>     people are losing a lot more assets and value through Linden
>     malfunctions (lost inventory,  search & classifieds being not seen
>     because of outages, etc.) than have ever been lost through spoofing
>     or malicious viewers.
>
> 8) __whatever mechanism is implemented, should be a *choice* with the__
>     __existing mechanisms remaining in place__
>
> 9) (see (8) )
>
> 10) (see (9) )
>
>
> Bottom line is that the new auth mechanism is something that offers neglectible
> improvement in security and will cause countless problems or developer hours
> on both sides.
>
>
> Nick
>
>
> (Matt, feel free to copy that to the Wiki)
>
> ---
> Second Life from the inside out:
> http://nicholaz-beresford.blogspot.com/
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> /index.html
>