On Wed, Oct 21, 2009 at 7:35 AM, Robin Cornelius <[email protected]> wrote:
> On Wed, Oct 21, 2009 at 12:26 PM, Argent Stonecutter
> <[email protected]> wrote:
> > People are worried about having to jump through some kind of code
> > signing hoops every time they want to test a one line change.
> I'm not _only_ worried about that, but also worried and commented on
> the blog, that this is easily forged, so a malicious viewer could
> pretend to be some other 3rd party viewer and get them banned/their
> viewer banned. This kind of authentication relies on "some kind" of
> secret being distributed with a viewer so the secret would be hackable
> out of the good viewer's code for use by the bad viewer, or even
> directly taken out of the binary or sniffed on the wire.
>
> The closest this type of security (shared private key) has to working
> is when the secret is embedded in security ASICs and even this is not
> completely secure.

Right -- there are really two issues here:

1) Is it technically feasible at all?
2) If it is, can we do it in a way that doesn't kill the open source development/test cycle?

Until I hear a good answer for item #1, the rest is noise.

Lear
_______________________________________________
Policies and (un)subscribe information available here:
http://wiki.secondlife.com/wiki/SLDev
Please read the policies before posting to keep unmoderated posting privileges
