[sldev] 3rd party viewer policy post on blogs.secondlife.com

Robin Cornelius robin.cornelius at gmail.com
Wed Oct 21 04:35:50 PDT 2009

Previous message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Next message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Oct 21, 2009 at 12:26 PM, Argent Stonecutter
<secret.argent at gmail.com> wrote:
> On 2009-10-20, at 19:24, Ann Otoole wrote:
>> Why are people so worried? Is there a problem with having to
>> register like so many suggest content creators be "in good
>> standing" (registered)?
>
> People are worried about having to jump through some kind of code
> signing hoops every time they want to test a one line change.

I'm not _only_ worried about that, but also worried and commented on
the blog, that this is easily forged, so a malicious viewer could
pretend to be some other 3rd party viewer and get them banned/their
viewer banned. This kind of authentication relies on "some kind" of
secret being distributed with a viewer so the secret would be hackable
out of the good viewers code for use by the bad viewer, or even
directly taken out of the binary or sniffed on the wire.

The closest this type of security (shared private key) has to working
is when the secret is embedded in security ASICs and even this is not
completely secure.

Previous message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Next message: [sldev] 3rd party viewer policy post on blogs.secondlife.com
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the SLDev mailing list