[Opensim-dev] Security: multiple or the most generic?

[Michael Cortez]

Melanie wrote:
> They are very different. A key is specific for one client-server pair. 
> So for each region the client visits there is a unique key that the 
> other regions might not know about. When TPs are performed on the 
> server-side, this is equivalent to (b) because the regions are acting on 
> behalf of the agent. But for client-side Teleports, this makes all the 
> difference -- the regions don't know about the other regions' keys.
>   
I may be missing something, haven't had any caffeine yet this morning...

Any particular reason why the system could not use the SessionID 
(established for the source region) to validate the user as they 
transfer to the destination region -- but once validated, a new 
SessionID is generated for the target region and the old SessionID 
invalidated -- or if not invalidated, at least make it useless without 
some region key,  thus giving you a unique key-pair?  This would give 
you a unique "key" for each region, without the client having to be 
modified {negotiation of new Sessions would be done between the region 
and the authentication server.}

That would at least make it so that the regions don't know about the 
other regions' key pairs.

That said/asked...  I'm all in favor of whatever is the most secure 
route as an option -- as long as we maintain support for scenarios where 
the client is not the authoritative source.  If we lobotomize out the 
ability for a fire-walled and closed grid and regions to be 
authoritative then we also cut out entire usage scenarios where the 
default is not to trust the client, or anything the client says {think 
remote access to closed corporate networks or game scenarios.}

Just my half-awake two cents,
--
Michael Cortez