[sldev] Scalable Sim Question

Lawson English lenglish5 at cox.net
Mon Aug 11 06:58:49 PDT 2008

Argent Stonecutter wrote:
> On 2008-08-11, at 06:32, Lawson English wrote:
>> A malicious agent domain could insert itself as a man-in-the-middle 
>> proxy for all transactions between the sim and the client, and obtain 
>> any and all assets being sent to the client for display. Basically, 
>> it would be a copybot on steroids, funneling data directly into its 
>> own pirating-asset server, all the data being sent from the Second 
>> Life simulator to the client.
>> I don't see any way around this issue: any Agent Domain that is 
>> allowed to connect to the SL grid must be deemed as trustworthy as 
>> the most trusted grid granted access to the SL asset server. Agent 
>> Domains, by their nature, have to be the most trusted part of the 
>> entire system, because they have access to everything the client does 
>> because every client that logs in via an AD is a potential copybot 
>> for that AD.
> OK, so what you're telling me is that SL can never allow logins from 
> any other grid's agent domain, because the design is fundamentally 
> broken from a security standpoint as well as horribly inefficient.
I don't know about inefficient. If you think it is, then why don't you 
contact Zero and Zha and Tess and so on to help them fix the design or 
at least have them explain to me why my analysis is off?

And as far as "never" allowing something goes, I never said that. 
However, an Agent Domain is in a unique position to do mischief and has 
to be at least as trusted as the most trusted external grid that the SL 
servers agree to deal with.


