Difference between revisions of "Talk:LlRequestSecureURL"

From Second Life Wiki
m (→‎Why does Linden Lab use a self-signed certificate?: Added my own comment about the existing Feature Request)
 
(One intermediate revision by the same user not shown)
Line 3: Line 3:
--[[User:Gregory Maurer|Gregory Maurer]] 19:41, 9 June 2009 (UTC)
--[[User:Gregory Maurer|Gregory Maurer]] 19:41, 9 June 2009 (UTC)
:Good catch, it's a typo. I've changed the example on http_request to illustrate the use of the return. Will be updating the others similarly. -- '''[[User:Strife_Onizuka|Strife]]''' <sup><small>([[User talk:Strife_Onizuka|talk]]|[[Special:Contributions/Strife_Onizuka|contribs]])</small></sup> 12:42, 10 June 2009 (UTC)
:Good catch, it's a typo. I've changed the example on http_request to illustrate the use of the return. Will be updating the others similarly. -- '''[[User:Strife_Onizuka|Strife]]''' <sup><small>([[User talk:Strife_Onizuka|talk]]|[[Special:Contributions/Strife_Onizuka|contribs]])</small></sup> 12:42, 10 June 2009 (UTC)
== ''Why'' does Linden Lab use a self-signed certificate? ==
In 2003, such an option would make sense: certificates were exceedingly expensive (they had been officially introduced half a decade earlier) back then.
In 2023, however, we have [https://letsencrypt.org Let's Encrypt], and these days they even emit 'universal' certificates for free (i.e. {{Mono|*.secondlife.com}}, so the same certificate can be used on everything under that domain name, no need to add each simulator server separately, or have a different key for them all). All that via a (reasonably complex) API. I'm pretty sure it would be just a question of spending an afternoon hacking at the CA code, as opposed to 'playing CA' (as much as it can actually be!), and 'recommending' residents to install LL's own self-signed CA certificate to 'prevent problems'. Also, the viewer comes with its own certificate bundle, signed by GlobalSign.
There might be a good reason for LL to act as their own CA, though (e.g. by being able to revoke certificates, or assign ''client''-side certificates for two-way client/server validation, and do that on demand). In that case, why don't they simply use a ''real'' certificate for that? The worst-case option — but nevertheless still marginally useful — would be to get their CA certificate also signed by [https://CACert.org CAcert], a community-based operation which has been signing certificates for free for an eternity. They are frowned upon by browsers these days ([https://wiki.cacert.org/InclusionStatus because they didn't follow the rules imposed] by the [https://cabforum.org/information-for-potential-members/ CA/Browser Forum], which determines which CAs are legitimate enough to be part of the list of certificates bundled with a browser, mostly by demanding insanely expensive security audits by third parties, which CAcert cannot afford), but they work exactly like any other (fully-automated) CA, and, of course, LL could simply add the CAcert root certificate with their viewer, so users won't need to install it separately (nor have it conflicting with whatever restrictions the CA/Browser Forum recommends for browser-bundled certificates).
It's just a thought. There ''are'' ways to make this so-called 'problem' of using self-signed certificates disappear. Using CAcert instead of your own CA managed from your basement is a far better solution; going with Let's Encrypt would be even better (I guess!).
Anyway, some reasons why certificates from CAcert are frowned upon are addressed on the [https://security.stackexchange.com/questions/126538/why-is-cacert-not-trusted-by-my-browser Security StackExchange] as well as on {{Wikipedia|CAcert.org|Wikipedia}}.
— [[User:Gwyneth Llewelyn|Gwyneth Llewelyn]] ([[User talk:Gwyneth Llewelyn|talk]]) 03:38, 24 February 2023 (PST)
: Also, this has now been made a feature request on the [https://feedback.secondlife.com/feature-requests/p/use-a-well-recognized-ca-for-simulator-https-listeners Feedback Portal]. — [[User:Gwyneth Llewelyn|Gwyneth Llewelyn]] ([[User talk:Gwyneth Llewelyn|talk]]) 06:04, 20 May 2024 (PDT)

Latest revision as of 05:04, 20 May 2024

I'm a bit confused, shouldn't this return a key? LSL_http_server#Script_API --Gregory Maurer 19:41, 9 June 2009 (UTC)

Good catch, it's a typo. I've changed the example on http_request to illustrate the use of the return. Will be updating the others similarly. -- Strife (talk|contribs) 12:42, 10 June 2009 (UTC)

Why does Linden Lab use a self-signed certificate?

In 2003, such an option would make sense: certificates were exceedingly expensive (they had been officially introduced half a decade earlier) back then.

In 2023, however, we have Let's Encrypt, and these days they even emit 'universal' certificates for free (i.e. *.secondlife.com, so the same certificate can be used on everything under that domain name, no need to add each simulator server separately, or have a different key for them all). All that via a (reasonably complex) API. I'm pretty sure it would be just a question of spending an afternoon hacking at the CA code, as opposed to 'playing CA' (as much as it can actually be!), and 'recommending' residents to install LL's own self-signed CA certificate to 'prevent problems'. Also, the viewer comes with its own certificate bundle, signed by GlobalSign.

There might be a good reason for LL to act as their own CA, though (e.g. by being able to revoke certificates, or assign client-side certificates for two-way client/server validation, and do that on demand). In that case, why don't they simply use a real certificate for that? The worst-case option — but nevertheless still marginally useful — would be to get their CA certificate also signed by CAcert, a community-based operation which has been signing certificates for free for an eternity. They are frowned upon by browsers these days (because they didn't follow the rules imposed by the CA/Browser Forum, which determines which CAs are legitimate enough to be part of the list of certificates bundled with a browser, mostly by demanding insanely expensive security audits by third parties, which CAcert cannot afford), but they work exactly like any other (fully-automated) CA, and, of course, LL could simply add the CAcert root certificate with their viewer, so users won't need to install it separately (nor have it conflicting with whatever restrictions the CA/Browser Forum recommends for browser-bundled certificates).

It's just a thought. There are ways to make this so-called 'problem' of using self-signed certificates disappear. Using CAcert instead of your own CA managed from your basement is a far better solution; going with Let's Encrypt would be even better (I guess!).

Anyway, some reasons why certificates from CAcert are frowned upon are addressed on the Security StackExchange as well as on Wikipedia.

Gwyneth Llewelyn (talk) 03:38, 24 February 2023 (PST)

Also, this has now been made a feature request on the Feedback Portal. — Gwyneth Llewelyn (talk) 06:04, 20 May 2024 (PDT)