[Opensim-users] Banning "bad" viewers was Re: Can this be done?

John Ward jward at uci.edu
Fri Jan 15 18:07:29 UTC 2010


On 01/15/2010 12:39 AM, Anders Arnholm wrote:
>
>
> Sent from my iPhone
>
> On 13 Jan 2010, at 18:48, John Ward<jward at uci.edu> wrote:
>
>> On 01/13/2010 01:45 AM, Anders Arnholm wrote:
>>> On Tue, Jan 12, 2010 at 04:55:10PM -0800, John Ward wrote:
>>>
>>>> account in the first place, another similar layer.  If a grid
>>>> operator
>>>> wants a little better protection by checking the string the client
>>>> identifies itself with would seem a reasonable additional layer.
>>>
>>> The grid operator may give any stupid ideas to the user, but I
>>> would not call it security. Like there is no security in making a
>>> web-site that only works in IE. If the operator calls this a security
>>> thing, it's obvious that person doesn't know squat about security or
>>> is lying. Either case lowers the trust for the operator to me.
>>
>> If one takes a step that thwarts an attack, has security been
>> improved?  I say it has.  Does thwarting an attack make a system
>> secure?  Not necessarily.
>>
>> If you have stupidly written a web site that only securely works with
>> one browser, should you try to restrict access to your web site to
>> that one browser?
>
> Not fixing one's problem is irresponsible. If you have this problem and
> spend time on the workaround I would call you stupid. You have done a
> really bad system to start with; you now have to pay the bill for not
> doing it right. Closing the site may be a better solution given all
> viewers already have a masquerade mode.

Ignoring the name calling....

When one designs the server side of a system and finds a security flaw 
in client software that they did not write, then by your logic the 
server has the responsibility to block the client or shut down the 
service.  That agrees with the blocking you so vehemently reject.

>> If a password is not obscured it's not effective.  If I can guess it
>> or
>
> An easy knowledge, like an easy password, has lower
> value for authentication.

Exactly the point.  I use the word obscure the same way you do when you 
said "By making the knowledge some kind of long obscure string I made up 
myself, it's much harder for someone else to figure this out and the 
trust that it is me gets better".

>>> It's a part of authentication of the user.
>>> In security research one has identified
>>> three elements that are needed for an authentication of a person:
>>> "ownership", "knowledge" and "inherence". The passphrase is the
>>> "knowledge" part; the harder something is to know, the better this
>>> leg of authentication. For example we could say that if you on the
>>> phone can state which year you were born, I think you are you. This
>>> knowledge is quite easy for someone else to figure out, so this leg
>>> is quite easy to break.
>>> By making the knowledge some kind of long obscure string I made up
>>> myself, it's much harder for someone else to figure this out and the
>>> trust that it is me gets better. Still, it is just the knowledge
>>> element. To make a good authentication one needs at least two
>>> elements. Verifying the two other elements of authentication over the
>>> internet is almost impossible, even if some attempts have been made.
>>>
>>> The passphrase only lets you to some extent be sure that the person
>>> on the other end is the person he or she claims to be. It has nothing
>>> to do with securing what he or she can do.
>>
>> Determining who can do what is often called authorization.
>
> The password, though, isn't part of authorization. It's the part of
> knowing who is who. Once that is done one can go over to determining
> what that person can do.

Correct.  However, some systems mix them.  The idea being that if access 
is the only permission available, then authorization and authentication 
become a one-to-one correspondence.  I generally argue against this 
mixing.

>>>> I think having lots of easy-to-set-up-and-use layers is a good
>>>> thing, even when some of them are easily defeated. :-)
>>>
>>> The big risk is that no security chain is stronger than its weakest
>>> link. And having a lot of strong links in one part makes the user
>>> feel secure. Feeling secure when one isn't could be fatal.
>>
>> I think of security in terms of layers, not chains.  If one technique
>> is subject to spoofing or man-in-the-middle attack I may need to add
>> other layers.  I don't necessarily stop using those techniques because
>> they don't.
>>
>>
>
> Both models have their validity; the problem with the layer idea is
> when it is applied to stuff that can easily be added into a tool.

Checking a string is on the easy end of the scale.
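The gate the thread argues about, as an added example that is not part of the original post or of OpenSim's code: a login path that first verifies the passphrase (the "knowledge" leg) and only then applies a policy on the client's self-reported viewer string. The viewer names, versions, user record and salt are all constructed for the example; they do not refer to real viewers or real incidents. The point the code makes concrete is the one both sides agree on: a client that lies about its string passes the second layer, so the layer only stops clients that do not bother to lie.

```python
"""Layered login gate: passphrase check first, viewer-string policy second."""
import hashlib
import hmac
import re
from typing import Optional, Tuple

# Constructed denylist of viewer identification strings (hypothetical names,
# not real viewers). None blocks every version; a tuple blocks that version
# and anything lower.
BLOCKED_VIEWERS = {
    "ExampleCopyBot": None,
    "ExampleViewer": (1, 2, 0),
}

# "Name 1.2.3 (anything after)" -> name and dotted version
_VIEWER_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s+(\d+(?:\.\d+)*)")


def parse_viewer_string(viewer: str) -> Optional[Tuple[str, Tuple[int, ...]]]:
    """Return ('Name', (1, 2, 3)) for 'Name 1.2.3 (build)'; None if unparseable."""
    m = _VIEWER_RE.match(viewer)
    if not m:
        return None
    return m.group(1), tuple(int(p) for p in m.group(2).split("."))


def viewer_allowed(viewer: str) -> bool:
    """Policy on the self-reported client string; fails closed on garbage.

    The client chooses this string, so passing here proves nothing about what
    is really connecting: a viewer with a masquerade mode sends any unblocked
    name and passes. The check only catches clients that do not lie.
    """
    parsed = parse_viewer_string(viewer)
    if parsed is None:
        return False
    name, version = parsed
    if name not in BLOCKED_VIEWERS:
        return True
    max_blocked = BLOCKED_VIEWERS[name]
    if max_blocked is None:
        return False
    # Pad both tuples so that (1, 2) and (1, 2, 0) compare as equal.
    n = max(len(version), len(max_blocked))
    padded = version + (0,) * (n - len(version))
    limit = max_blocked + (0,) * (n - len(max_blocked))
    return padded > limit


def hash_password(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted PBKDF2-HMAC-SHA256; the stored form of the 'knowledge' leg."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Constant-time comparison so the check does not leak by timing."""
    return hmac.compare_digest(hash_password(password, salt), stored)


# Constructed user record: one test account with a salted hash (hypothetical).
_SALT = b"constructed-salt-16b"
USERS = {"alice": (_SALT, hash_password("correct horse battery staple", _SALT))}


def login(username: str, password: str, viewer: str) -> Tuple[bool, str]:
    """Authenticate, then apply the viewer policy. Returns (ok, reason).

    The two layers answer different questions: the passphrase says who is at
    the other end; the viewer check says nothing about the person and only
    filters the client's own claim about itself.
    """
    record = USERS.get(username)
    # Same reason for unknown user and wrong password, to avoid user enumeration.
    if record is None or not verify_password(password, *record):
        return False, "bad credentials"
    if not viewer_allowed(viewer):
        return False, "viewer blocked"
    return True, "ok"


if __name__ == "__main__":
    print(login("alice", "correct horse battery staple", "ExampleViewer 1.1.7 (rc)"))
    # The same blocked client, masquerading as an allowed one, passes the layer:
    print(login("alice", "correct horse battery staple", "TrustedViewer 3.0"))
```

The order of the checks matters: the viewer policy runs only for an authenticated caller, so an unauthenticated attacker cannot use it to probe which strings a grid blocks, and a masquerading client still has to present valid credentials before the string is even consulted.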


