[sldev] Scalable Sim Question

[Lawson English]

Argent wrote:
> On Mon, Aug 11, 2008 at 5:39 PM, Lawson English <lenglish5 at cox.net 
> <mailto:lenglish5 at cox.net>> wrote:
>
>     it could grab the real CAP and pass a faux-CAP onto the client and
>     transfer whatever data the client is asking for to its own pirate
>      server before passing it on.
>
>
> Good point.
>
> But... that raises another question.
>
> If the CAP can't be authenticated as being from the region domain you 
> think you're connecting to then any kind of transproxy will have the 
> same problems... and the point of a transproxy is that you don't know 
> it's there. That's why SSL requires certificate authorities and PGP 
> requires the web of trust and SSH requires an unchanging host key.
>  
>
>     Unless the Agent Domain has trust agreements in place with a
>     specific grid or set of grids, I don't think that you can log into
>     an arbitrary Agent Domain and automatically expect to get into any
>     arbitrary region (grid).
>
>
> I'm not sure that buys you much practical protection, so long as you 
> can get a free account on SL with no meaningful authentication, since 
> it's unlikely that there will be any regions that refuse to allow 
> logins from the Second Life agent domain.
>  
>
>     It must be deemed trustworthy by wide range of destination regions
>     AND a wide range of asset servers and other services and not just
>     by default, but only by agreements/contracts/certificates/whatevers.
>
>
> What I'm saying is that the AD really can at most be trusted to 
> provide a unique name and UUID that it guarantees represents the same 
> person each time it's used.
Well, it can also be trusted (we hope) not to play man-in-the-middle games.

Lawson