[sldev] 3rd party viewer policy post on blogs.secondlife.com

[Aidan Thornton]

On Thu, Oct 22, 2009 at 6:51 PM, Boroondas Gupte
<sllists at boroon.dasgupta.ch> wrote:
> Carlo Wood wrote:
>> 2) C == A or C == B. Tell C not to use encryption or not to send ARs.
> ... or to disclose the session key as part of the AR. (Assuming the
> session key won't give the governance team enough information about the
> private key, so future communication would still be save.)

There is no session key that can decrypt the communication. The way
OTR works is that it uses a new key for each message,which is
immediately thrown away. The *whole* *point* of OTR is to make both
decrypting previous conversations and proving the contents of
conversations as hard as possible - that's why it's called "off the
record". If you want your instant message conversations logged by
Linden Labs for AR purposes, don't use OTR.

Of course, this probably isn't the real problem Linden Labs have with
OTR encryption. They've got used to using mass monitoring of all IMs
and in-world chat to prevent griefing, amongst other things. (All the
effective griefer groups moved to out-of-world co-ordination channels
a long time ago for this reason.) OTR removes this monitoring ability,
making the grid gods a little bit less powerful.