[sldev] Scalable Sim Question

Lawson English lenglish5 at cox.net
Mon Aug 11 04:32:39 PDT 2008


Argent Stonecutter wrote:
> On 2008-08-10, at 21:54, Lawson English wrote:
>> Argent Stonecutter wrote:
>>> On 2008-08-10, at 18:22, Lawson English wrote:
>>>> It's even worse than that. I wouldn't expect piratesbay.org to be 
>>>> allowed to respresent ANY avatar on the SL grid, period.
>>>
>
>>> Why not?
>
>> Well, if they are the same piratebay with the same rep for handling 
>> avatar assets as for handling bootleg torrents, an avatar registered 
>> through piratesbay would be banned from just about anywhere except 
>> the "wild, wild west" grids.
>
>
> If the fact that the user is teleporting in from piratesbay instead of 
> registering a free alt on secondlife makes it more dangerous to let 
> the piratesbay account in, then there's a problem in the design.
>
> THAT is what I'm trying to get an idea of here.
>


Well, if you look at how login to the Agent Domain works, the client 
uses the AD as the intermediary to perform the introductions to any and 
all regions.

http://wiki.secondlife.com/wiki/SLGOGP_Teleport_Strawman

A malicious agent domain could insert itself as a man-in-the-middle 
proxy for all transactions between the sim and the client, and obtain 
any and all assets being sent to the client for display. Basically, it 
would be a copybot on steroids, funneling data directly into its own 
pirating-asset server, all the data being sent from the Second Life 
simulator to the client.


I don't see any way around this issue: any Agent Domain that is allowed 
to connect to the SL grid must be deemed as trustworthy as the most 
trusted grid granted access to the SL asset server. Agent Domains, by 
their nature, have to be the most trusted part of the entire system, 
because they have access to everything the client does because every 
client  that logs in via an AD is a potential copybot for that AD.


Lawson






More information about the SLDev mailing list