[Opensim-users] Call to discussion: code environment [Was: recent secondlife client versions don't support OSSL functions]
Bryan "Smash" Manternach
smash at smashwolf.com
Fri Sep 26 17:25:03 UTC 2008
I would like to see some sort of simple signing, or keying at least
where there are public and private keys, like SSH, or PGP, where you are
reasonably sure the communication, and data coming to you is from a
reliable authentic source. If the keys stop working, everything stops.
You'd think some key exchange layer could be devised.
-
Bryan "Smash" Manternach - President - Smashwolf Productions
100 Fossil lane, Boulder Creek, CA 95006. smash at smashwolf.com
831-338-3504 (o), 831-338-4365 (f), 408-209-3099 (m)
On Fri, 2008-09-26 at 19:00 +0200, Dr Scofield wrote:
> Diva Canto wrote:
> > It may be annoying for experimentation, but it is possible that Linden
> > Lab (r)/(tm) is doing this to start addressing the security issues of
> > interoperability. Once we have (a) clients running in untrusted servers;
> > and (b) servers running code sent by untrusted clients, all sorts of bad
> > stuff can happen. Or it may be that they're just doing it to prevent LL
> > viewer users from experiencing non-LL servers. Who knows.
> >
> > But the security issues are valid, whether that's LL's motivation or
> > not. It all boils down to trust. One of these days opensim will have to
> > start walking that slippery alley, and come up with a trust API for
> > servers and clients. I think we have an opportunity to do this right.
> > Trust is a people thing. Unlike the web, where people don't exist (only
> > ghostly agents defined by IPs and, maybe, cookies), we have people here.
> > So the policies can be specified at users' level. LL's static API
> > checking seems a bit odd. It may make more sense to ask the user whether
> > she trusts the region server.
>
> i think this is just bad design: checking at the client and trusting the client
> to send "good" code to the server is just naive. the server (if it wants to
> survive) has to be its own guardian. after all, we don't stop fixing apache bugs
> and assume, "oh, the client will prevent exploits from coming our way"...
>
>
> >
> > As for Stefan's idea of an aux client editor for code: have you tried
> > Visual C#? It's great! hehe ;-)
> > Seriously, my group here has been experimenting with all sorts of
> > completely different clients to get/post all sorts of different things
> > from/into the world. Once the Http server was made accessible to region
> > modules, there's no limit to what can be done, really... But for this to
> > scale beyond experimentation, we need to figure out trust.
>
> no. we need to have clear protocol specs and our grids need to be coded in such
> a way that they guard themselves.
>
> trust comes in at much higher level (for example, do i trust that grid to adhere
> to the licenses i attach to my objects?). trust should never replace caution and
> self-defense.
>
> dr scofield
>
More information about the Opensim-users
mailing list