[sldev] 3rd party viewer policy post on blogs.secondlife.com

[Lear Cale]

On Wed, Oct 21, 2009 at 7:35 AM, Robin Cornelius
<robin.cornelius at gmail.com>wrote:

> On Wed, Oct 21, 2009 at 12:26 PM, Argent Stonecutter
> <secret.argent at gmail.com> wrote:
> > People are worried about having to jump through some kind of code
> > signing hoops every time they want to test a one line change.
> I'm not _only_ worried about that, but also worried and commented on
> the blog, that this is easily forged, so a malicious viewer could
> pretend to be some other 3rd party viewer and get them banned/their
> viewer banned. This kind of authentication relies on "some kind" of
> secret being distributed with a viewer so the secret would be hackable
> out of the good viewers code for use by the bad viewer, or even
> directly taken out of the binary or sniffed on the wire.
>
> The closest this type of security (shared private key) has to working
> is when the secret is embedded in security ASICs and even this is not
> completely secure.


Right -- there are really two issues here:

1) Is it technically feasible at all?
2) If it is, can we do it in a way that doesn't kill the open source
development/test cycle?

Until I hear a good answer for item #1, the rest is noise.

Lear
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.secondlife.com/pipermail/sldev/attachments/20091021/6d944c70/attachment.htm