> it could grab the real CAP and pass a faux-CAP onto the client and transfer
> whatever data the client is asking for to its own pirate server before
> passing it on.

Good point.

But... that raises another question.

If the CAP can't be authenticated as being from the region domain you think
you're connecting to, then any kind of transproxy will have the same
problems... and the point of a transproxy is that you don't know it's there.
That's why SSL requires certificate authorities and PGP requires the web of
trust and SSH requires an unchanging host key.

> Unless the Agent Domain has trust agreements in place with a specific grid
> or set of grids, I don't think that you can log into an arbitrary Agent
> Domain and automatically expect to get into any arbitrary region (grid).

I'm not sure that buys you much practical protection, so long as you can get
a free account on SL with no meaningful authentication, since it's unlikely
that there will be any regions that refuse to allow logins from the Second
Life agent domain.

> It must be deemed trustworthy by wide range of destination regions AND a
> wide range of asset servers and other services and not just by default, but
> only by agreements/contracts/certificates/whatevers.

What I'm saying is that the AD really can at most be trusted to provide a
unique name and UUID that it guarantees represents the same person each time
it's used.
