Difference between revisions of "User:Which Linden/Office Hours/2008 Dec 4"
- [12:39] Monalisa Robbiani: o.O
- [12:39] Zha Ewry grins
- [12:39] Zha Ewry: Of course
- [12:39] Goldie Katsu: lol
- [12:39] Monalisa Robbiani: 77 bears
- [12:39] Monalisa Robbiani: yay
- [12:40] Morgaine Dinova: Wow!
- [12:40] Goldie Katsu: Are you in the linden bear collector group?
- [12:40] Monalisa Robbiani: and all personally taken from them
- [12:40] Monalisa Robbiani: yes I am
- [12:40] Goldie Katsu: good!
- [12:40] Monalisa Robbiani: ugh so scripts here
- [12:40] Goldie Katsu: yeah
- [12:41] Goldie Katsu: that's why I'm standing instead of sitting.
- [12:41] Morgaine Dinova: So Zha ... which part of SSL cert auth isn't enough for you?
- [12:41] Goldie Katsu: oooh a tinies seat.
- [12:42] Goldie Katsu: (sorry that was off topic.)
- [12:42] Monalisa Robbiani: ride anyone?
- [12:42] Zha Ewry: SSL cert auth, at the web-service to web-service level, is, at best going to be a bear to manage
- [12:43] Goldie Katsu: (lol bear hunting tag is active )
- [12:43] Morgaine Dinova: Indeed, doing it the current way (which is manual) isn't going to work.
- [12:43] Zha Ewry: Right
- [12:44] Zha Ewry: and. when you hit the NxMxC case I'm not sure how many certs I need in a big service, like an IM hub, or an asset backup service
- [12:44] Zha Ewry: (N x M regions x C components)
- [12:45] Morgaine Dinova: But the problem there is, that all non-manual methods have no security to mention.
- [12:45] Morgaine Dinova: Ie. it's theatre
- [12:46] Zha Ewry: Well
- [12:46] Zha Ewry: part of me is inclined, for that very reason
- [12:46] Zha Ewry: to keep certs at domains
- [12:46] Zha Ewry: and use a leased, shared secret between the low level components
- [12:46] Zha Ewry: (established by the cert based domain services)
- [12:47] Zha Ewry: as the thing we use to setup the HTTPS pipes between the low level components
- [12:47] Zha Ewry: GGF did that with X.509 proxies
- [12:47] Morgaine Dinova: Sure, that's no problem. The shared secret is really just the session key, short lived.
- [12:47] Zha Ewry: But they seem heavyweight, and aimed at end user authentication
- [12:48] Zha Ewry: well, one might go one step longer term, and allow the session key to be reused in limited ways, but.. there are some real
- [12:48] Zha Ewry: risks you trade off there
- [12:48] Zha Ewry: (ie, can I pass the session key from service to service, locally, within a domain, for a short while)
- [12:49] Zha Ewry: keep a short time to live
- [12:49] Zha Ewry: (which makes the kabuki much more acceptable)
- [12:49] Morgaine Dinova: It's a necessary risk though. Without it you'll never be able to move sessions from a home device to a mobile device for example.
- [12:50] Zha Ewry: Oh, more importantly, be to establish the session to a sim, and then pass it to an adjacent sim, on boundary crossing, without a heavy transaction
- [12:50] Zha Ewry: I
- [12:50] Zha Ewry: am pretty comfortable with laptop to cell phone handoff being heavyweight
- [12:50] Zha Ewry: I am much less willing to let that happen on sim to sim
- [12:50] Morgaine Dinova: True
- [12:51] Zha Ewry: What I really want to make sure we manage, is a good balancing point
- [12:51] Zha Ewry: and bake it in low, so we don't encumber 90% of the protocol with it
- [12:51] Zha Ewry: (and keep it deeply orthogonal from policy)
- [12:53] Zha Ewry: OK, I need liquid and five minutes of clear brain time, to prep to talk to a senior executive about some funding
- [12:53] Morgaine Dinova: Good luck :-)
- [12:53] Zha Ewry: Oh, and I've gently relayed the "WTF is happening, you are going to get bypassed" concern to Zero.
- [12:53] Goldie Katsu: good luck.
- [12:53] Goldie Katsu: Good!
- [12:53] Morgaine Dinova: Hehe, so did I Zha.
- [12:54] Zha Ewry: Not like Zero isn't aware
- [12:54] Morgaine Dinova: He hasn't replied, sadly
- [12:54] Zha Ewry: Ah. I got a "Painfully aware of that"
- [12:54] Zha Ewry: Mind you my note started with "As I am sure you are painfully aware"
- [12:55] Goldie Katsu: lol
- [12:55] Goldie Katsu: Go take your 5 minute prep time
- [12:55] Zha Ewry: yeps
- [12:55] Morgaine Dinova: Take care :-)
- [12:55] Zha Ewry: *poof*
[[Category: Grid Interoperability Chat Logs]]
[[Category: AW Groupies Transcripts]]
Latest revision as of 19:34, 4 December 2008
- [11:08] Saijanai Kuhn: which online but not here...?
- [11:08] Morgaine Dinova: Aha, a bamboo!
- [11:08] Which Linden: Hey everyone, sorry I'm late
- [11:08] Which Linden: Got caught flat-footed by the viewer update
- [11:08] Zha Ewry: Hey Which.
- [11:08] Saijanai Kuhn: which important transcript: https://wiki.secondlife.com/wiki/User:Zero_Linden/Office_Hours/2008_Dec_04
- [11:08] Morgaine Dinova: Hiya Which, 'morning :-)
- [11:09] Zha Ewry: Maybe it's only mobile Lindens who are misplaced
- [11:09] Saijanai Kuhn: might want to skim that since we're kinda here as a continuation of it, Which
- [11:09] Morgaine Dinova: Zha: you think it's gravity-related?
- [11:10] Goldie Katsu: Well there does seem to be a bit of gravity to it.
- [11:10] Which Linden: Hm, ok, so I'm getting the bit about dissatisfaction with Linden's participation in OGP, am I reading that right?
- [11:10] Morgaine Dinova: I think the word is "absence"
- [11:11] Which Linden: So what happened? I'm not involved with that group.
- [11:11] Which Linden: Though I wish I was
- [11:12] Saijanai Kuhn: Zero's been away for over a month, Infinity had a family emergency, whump's been talking about merging OGP office hours with AWG, and opensim, libomv, realxtend, etc, are all moving in different directions with no coordination with OGP
- [11:13] Which Linden: Heh have they ever coordinated with OGP?
- [11:13] Saijanai Kuhn: well, it's getting to be more an issue what with duplicated functionality and the like
- [11:13] Morgaine Dinova: Plus a string of no-shows at meetings, despite being in-world. Not even a "No meeting today" sign, just total disconnect.
- [11:13] Which Linden: One thing to recall is that every single project at Linden is dangerously understaffed so the incapacitation of a few key members will always have catastrophic impact
- [11:14] Which Linden: abases self for not explicitly cancelling his own office hours last week
- [11:14] Goldie Katsu: the problem is that Virtual worlds are moving forward whether or not there are good reasons for the absence.
- [11:14] Morgaine Dinova: Which is fine in itself, since the community will do its own thing, no problems. But it's not fine for LL. You're losing the reins.
- [11:15] Goldie Katsu: whinnies appropriately
- [11:15] Goldie Katsu: (sorry couldn't help horsing around)
- [11:15] Which Linden: I'm touched that you're concerned about that, actually. :-)
- [11:16] Saijanai Kuhn: the entire metaverse thing leverages off of Second Life. think everyone wants you to be the leaders BUT...
- [11:16] Zha Ewry: Well, there is, I think, a strong sense that it will be disruptive, in ways both good and bad (short term lots of bad) if it loses any connection to the Second Life grid
- [11:17] Goldie Katsu: we seem to be at a point where people are asking if LL will be participating or if we should just move forward.
- [11:17] Goldie Katsu: and what Zha said.
- [11:17] Morgaine Dinova: Well I just see it from the PoV of interop. The nightmare of thousands of worlds all requiring different viewers is not something I want to see.
- [11:18] Which Linden: I'm going to do some investigation and find out.
- [11:18] Deckard Lebed: thousands of different viewers might not be a problem, like we have 1000 of diff TV sets, which all take the same cable at the back
- [11:18] Deckard Lebed: but pardon me, I came in and don't really know what we are talking about :)
- [11:18] Which Linden: I think we all agree it's in our best interests to be at the forefront of progress here
- [11:18] Zha Ewry: Imagine having to load a viewer every third web page
- [11:19] Morgaine Dinova: Indeed
- [11:19] Which Linden: Yeah, Deckard, OGP is more about the cable in the back
- [11:19] Zha Ewry: Oh, I want to watch NBC, let me get out the BC television
- [11:20] Saijanai Kuhn: https://wiki.secondlife.com/wiki/Open_Grid_Public_Beta explains the current OGP project, Deckard
- [11:20] Deckard Lebed: and while some Lindens ignore office hours which may make it seem like they are treating this like a game instead of work, I am sure Which doesn't have much he can do about it, being one cog in a slightly larger clock :)
- [11:20] Morgaine Dinova: It's not a disaster for all the cables to be different, since in time they'll merge. But it will be painful for devs and users alike.
- [11:21] Deckard Lebed: aah OGP, of course
- [11:21] Which Linden: How long have you all observed Linden withdrawal from OGP for?
- [11:21] Zha Ewry: In particular, it hurts on critical mass and network effects
- [11:21] Goldie Katsu: I don't think it is an issue of treating it like a game, the concern is that things are moving and we aren't seeing/hearing much from LL.
- [11:21] Goldie Katsu: 2 months?
- [11:21] Which Linden: Heh, so that would coincide with Q4 then
- [11:21] Zha Ewry: I think the way I would describe it is
- [11:22] Zha Ewry: that..
- [11:22] Morgaine Dinova: Well I guess it started when the Studios dissolved
- [11:22] Zha Ewry: once we completed the OGP teleport demo, and started to look at what was next...
- [11:22] Goldie Katsu: yeah. I know there is lots going on internally, it's just that there is lots going on externally as well.
- [11:22] Zha Ewry: we hit this sort of awkward pause
- [11:22] Which Linden: The studios dissolved roughly at the time OGP got started, so, I don't think that's it, Morgaine
- [11:22] Zha Ewry: and then more of a simple "Well, maybe we could sort of look at IM"
- [11:23] Morgaine Dinova: Oh, lol. Sorry, I thought it was just a few months ago
- [11:23] Zha Ewry: But a real sense of we're not going to push on any of this at the moment
- [11:24] Which Linden: Hm, just speculating here, maybe there's internal disagreement about what the right next thing to tackle is
- [11:24] Goldie Katsu: (yes, we are dragging an alternative conversation to Which since we are trying to find a pipe that goes into Linden Lab that is open at the moment.)
- [11:24] Which Linden: Another theory is that people are currently engaged in attempting to deploy OGP to the production grid (again, just speculation)
- [11:25] Which Linden: Heh, I don't mind talking about OGP, though every time we do it makes me wish I had more a priori knowledge
- [11:25] Morgaine Dinova: Which: well it *could* all be a coincidence ... but it's felt more like a planned disconnect.
- [11:26] Saijanai Kuhn: which, there's almost nothing to it right now: https://wiki.secondlife.com/wiki/OGP_Explained#OGP_Draft_5_Teleport
- [11:26] Saijanai Kuhn: what is there, is nice, IMHO, but we lack important parts that would let the greater metaverse community move forward even if LL has to backburner it
- [11:26] Zha Ewry: I'd say more of an unplanned disconnect, but.. still a disconnect
- [11:27] Which Linden: Morgaine: I'm sure it seems that way, but please take my assurance that we are not abandoning OGP
- [11:27] Goldie Katsu: I agree with Zha, it was timed rather well with a quarter break.
- [11:27] Goldie Katsu: the problem is that in that disconnect other groups are moving forward which has the potential to make the OGP obsolete for actual interoperability between grids.
- [11:27] Zha Ewry: The way it plays out, community wise, is that people are looking at what to invest in next, and where to go
- [11:28] Saijanai Kuhn: I see it as a confluence (?) of new CEO, immediate grid woes, family issues, etc. But we still want to move forward even as LL is stalled
- [11:28] Which Linden: Right, so we want to kick off discussion and work in the same direction rather than everything at once
- [11:28] Goldie Katsu: saijanai++ which++
- [11:28] Morgaine Dinova: Well to put it another way ... two more months of this and you'll be following taillights.
- [11:29] Which Linden: Or... alternatively it would have been cool had we been able to say "break time, everyone mess around and come back and show us whatyou made that is cool"
- [11:29] Saijanai Kuhn: which, we lack 2 important pieces in OGP to let that happen without a complete mess
- [11:29] Saijanai Kuhn: service discovery and a pattern defined for outgoing client to AD communications
- [11:30] Saijanai Kuhn: once we have that, we can at least have people working on things that will superficially be compatible without it, its just meta kludges
- [11:31] Which Linden: Hm, well you can imagine how service discovery is not a thing to be just tacked on, that defining it might be a major effort in and of itself
- [11:31] Which Linden: But I agree with you that it would be a big meta-step forward
- [11:31] Saijanai Kuhn: sure, but... :-/
- [11:31] Zha Ewry: People have raised about three major building blocks, all of which are useful
- [11:32] Zha Ewry: Discovery
- [11:32] Zha Ewry: Securing some of the connections
- [11:32] Zha Ewry: and a coherent approach for naked UUIDs
- [11:32] Zha Ewry: (Oh, and there is much whining about the request queue)
- [11:32] Morgaine Dinova: I'm pretty sure that the original LL plan was to lead the community after open-sourcing ... that way even though a thousand sites are offering products, you're still seen as the leader, and gain the rewards. But that doesn't work when you disappear ;-)
- [11:32] Saijanai Kuhn: must run folks. Recoding on
- [11:32] Morgaine Dinova: Cya Sai
- [11:33] Goldie Katsu: see ya Sai
- [11:33] Deckard Lebed: hehe I will take this opportunity too, this is way above me :)
- [11:33] Morgaine Dinova: Cya Deckard
- [11:33] Goldie Katsu: See ya Deckard
- [11:34] Which Linden: See ya sai
- [11:34] Which Linden: and Deckard
- [11:35] Morgaine Dinova: Well, service discovery is really fairly independent of everything else. It's really just a link provider. (I'm not altogether certain why Sai isn't emulating SD)
- [11:35] Which Linden: What do you mean, emulating SD?
- [11:36] Morgaine Dinova: Pretending that a service discovery service sent you something meaningful :P
- [11:37] Which Linden: Oh! Hm
- [11:37] Morgaine Dinova: Maybe Sai can't actually find the relevant entry points at all.
- [11:37] Zha Ewry: The other thing I am concerned is going to happen, at some point, is that the OpenSim team is going to fork away from Caps...
- [11:38] Zha Ewry: At which point, the whole interop story between Linden's grid, and OpenSim, falls away
- [11:38] Morgaine Dinova: Zha, what's the name of the group with the Gridnauts tag? Doesn't seem to be Gridnauts, unless it's hidden
- [11:38] Yasmine Alvord: smiles softly and clears her throat...terribly sorry to interrupt, i'm not here for this particular topic, but if you could possibly steer me to a Linden that can handle customer service issues I would certainly appreciate it
- [11:39] Zha Ewry: Gridnauts
- [11:39] Which Linden: Yasmine, I think the right place is secondlife.com/support -- there's a bunch of ticketing solutions and live chat there that is the official channel
- [11:39] Yasmine Alvord: thank you very much Which, a bientot
- [11:41] Morgaine Dinova: Well there's no Gridnauts group in groups search, just two: Gridnauts-France and ReactionGrid.com Gridnauts
- [11:42] Which Linden: Gridnauts is just a mailing list right?
- [11:42] Morgaine Dinova: No, it's an in-world group that PyOGP uses
- [11:43] Zha Ewry: I'd gently prod Whump
- [11:43] Zha Ewry: At the infrastructure level
- [11:44] Morgaine Dinova: Would probably be a good idea if he appointed you an officer for invites
- [11:44] Zha Ewry: I'd like to see something done to allow basic service level authentication between services in interoperating grids
- [11:45] Morgaine Dinova: What would you need for that to happen?
- [11:45] Which Linden: Is that service discovery?
- [11:45] Morgaine Dinova: Do you need Sai's SD function first for that?
- [11:47] Morgaine Dinova: Hola Llave
- [11:47] Zha Ewry: Well, we've two parts. Lets assume for the moment, we don't fork on Caps
- [11:48] Zha Ewry: So, now we would like to handle the "I want to get a cap from service X. Simple case, sim5863.agni.lindenlab.com
- [11:49] Zha Ewry: and I'd like to prove that I am in fact YZSIM1.watson.ibm.com (ie. that one sim is inside Linden Lab's domain, and the other inside IBM's Research Test Domain)
- [11:49] Zha Ewry: (Given we can't depend on FQDNs, in the face of spoofing and such)
- [11:50] Zha Ewry: this implies there is a proper way to prove to each other, we are the droids we say we are
- [11:50] Which Linden: ? You mean you don't want to rely on SSL certs either?
- [11:50] Zha Ewry: and.. along the way, to set up a TLS (https) pipe, so that our imperial battlestation attack plans
- [11:50] Morgaine Dinova: We can't depend on FQDNs in production, sure, but we could just to get it working
- [11:50] Zha Ewry: don't get stolen
- [11:50] Zha Ewry: Oh
- [11:50] Zha Ewry: We can depend on SSL certs at the top level
- [11:51] Zha Ewry: but, at every single server, cross authenticated, on the fly?
- [11:51] Zha Ewry: especially, given self signed certs are useful for
- [11:51] Zha Ewry: looks for a word
- [11:51] Zha Ewry: and decided not to use one at all
- [11:52] Which Linden: heh
- [11:52] Which Linden: self signed certs aren't useful except for debugging
- [11:52] Which Linden: IMO
- [11:52] Zha Ewry: right
- [11:53] Morgaine Dinova: Well the world isn't going to buy certs from Verisign, whether you like it or not :-)
- [11:53] Zha Ewry: There is some cool stuff, GGF did with X.509 proxy certs
- [11:54] Zha Ewry: So. what i want
- [11:55] Zha Ewry: is a low cost way for whole domains to have a small number of root servers, with good, proper X.509 signed certs. (or if they don't care, they can self sign and people will know what to make of that)
- [11:55] Morgaine Dinova: I think we need to drop the worldview where there is one megacorp authenticating a teeny upstart, and think more about peers inter-authenticating.
- [11:55] Zha Ewry: and then let lots of components within them,
- [11:55] Zha Ewry: do lightweight TLS/SSL pipe creation based on that
- [11:56] Which Linden: Morgaine: there are plenty of top-level cert authorities
- [11:57] Which Linden: and it is pretty peer-to-peer right now, relatively, in that you can decide what authorities you trust
- [11:57] Which Linden: the browser just happens to come with a buncha defaults
- [11:58] Morgaine Dinova: Which: ultimately they provide nothing of value that a self-signed doesn't provide. Verisign's checks are a joke -- I used to manage them for a big ISP. And the smaller you get, the less checks. It's what Schneier calls "security theatre".
- [11:59] Which Linden: Not true at all, for example my university had their own CA, and they were extremely rigid about whose certs they would sign
- [11:59] Which Linden: But OK, maybe verisign's validation is nonsense
- [12:00] Morgaine Dinova: That control only works in a managed domain, like a University or a corp. It can't work in the mayhem of the open net.
- [12:01] Which Linden: That's an interesting point -- currently the Net can be categorized into "domains" and "sites". Sites get their certs from a central authority, domains are their own authority. Most sites on the WWW are "sites". Whereas it could be conceivable that the Open Grid consists mostly of "domains"
- [12:02] Morgaine Dinova: What's more, it's overkill that doesn't achieve anything that couldn't be done by a grid just listing some keys on its website.
- [12:03] Which Linden: Hm well you want those keys to be listed in at least two different channels, to minimize the risk of compromise
- [12:03] Morgaine Dinova: Or a thousand channels .... it's not a problem.
- [12:03] Which Linden: Right, well, you'd want each channel to have some barrier to entry so that you can't just push a button and haxx all the keys
- [12:04] Morgaine Dinova: If a spoofer can compromise a thousand sites all listing the right keys ... hey. he deserves to be in control :-))))
- [12:04] Which Linden: Are we digressing from what Zha wanted to talk about?
- [12:04] Zha Ewry: a little
- [12:04] rk2306 Dezno: hey all
- [12:04] Zha Ewry: Not a lot, tho
- [12:04] dogtow Hand: :o)
- [12:05] Which Linden: Hi!
- [12:05] Zha Ewry: A good set of protocols which let us end up with low cost (computation, and real world dollar) authentication token in place at the services inside the
- [12:05] Morgaine Dinova: That is actually a powerful defence against spoofs ... the power of being a majority.
- [12:05] Goldie Katsu: I might point out that given how poorly CRLs are checked the likelihood of a program checking multiple sites to verify the key posted on one is unlikely at best.
- [12:06] Which Linden: One thing that would help with that is better client support for chained certificates
- [12:06] Zha Ewry: servers, so we can do tolerably efficient https/SSL/TLS pipes between grid bits, is where I'm looking
- [12:06] Morgaine Dinova: Goldie: it's easy to knock up a library that'll do it by default. Heck, it could even be out in the default resolver.
- [12:06] Goldie Katsu: as long as you post it on the usual easy place to get a key that's good enough to get most.
- [12:07] Zha Ewry: end user proof, is a whole separate issue (tho relevant)
- [12:07] Goldie Katsu: yes end user proof is relevant.
- [12:07] Which Linden: Heh, yes, even if you can prove you're truly Jim's Grids, the user has to have some assurance that your motto isn't "steal, steal, and thieve"
- [12:08] Goldie Katsu: Well that becomes a who you do business question - not an authentication question
- [12:08] Zha Ewry: Right
- [12:08] Morgaine Dinova: So, what do you need Zha?
- [12:08] Zha Ewry: That's the separable "business policy issue, but relevant"
- [12:08] Zha Ewry: So.. long term?
- [12:08] Zha Ewry: We need three things, I think, last I counted.
- [12:08] Morgaine Dinova: No, short term, to get is going
- [12:09] Zha Ewry: well, short term, we need one, which is a good way of allowing components to prove membership in domains to each other
- [12:09] Zha Ewry: The second one, which we get, amusingly enough from a *LOT* of educational players
- [12:10] Zha Ewry: is to be able to prove end user membership in a community.
- [12:10] Zha Ewry: I'm utterly happy to let people roll policy on top of those building blocks
- [12:10] Zha Ewry: as they see fit
- [12:11] Morgaine Dinova: Why is that hard? It seems fairly easy to take a user's public key and ask a service whether the user referred to by a key is a member of it, no?
- [12:13] Zha Ewry: shrugs
- [12:13] Zha Ewry: its software
- [12:13] Zha Ewry: nothing is "hard" except NP complete problems
- [12:13] Morgaine Dinova: Hehe
- [12:13] Zha Ewry: or getting anything decent written at all
- [12:13] dogtow Hand: oo :o)
- [12:13] Which Linden: The "good way of allowing components to prove membership in domains to each other" seems to be more challenging
- [12:14] Zha Ewry: Oh, I agree
- [12:14] Morgaine Dinova: Talking of which, did you read Dijkstra's nice (old) essay that hit Slashdot a couple of days ago?
- [12:14] Zha Ewry: especially if we really do want to end up with a
- [12:14] Goldie Katsu: link?
- [12:14] Which Linden: Or is that the same problem, i.e. group membership?
- [12:14] Zha Ewry: TLS/SSL pipe as the end product
- [12:15] Which Linden: Zha, I don't remember you chatting
- [12:15] Morgaine Dinova: Dijkstra's essay (a wonderful read, like everything he wrote): [1]
- [12:15] Which Linden: in multiple lines like this
- [12:15] Which Linden: in the past. New habit?
- [12:16] Zha Ewry: chuckles. It varies, depending on how distracted I am
- [12:16] Which Linden: :-)
- [12:16] Morgaine Dinova: Dijkstra was pretty much my "god" when I was doing research in concurrency and parallelism, way back.
- [12:16] Which Linden: It makes sense, in that we don't have to wait for your entire thought to complete
- [12:17] dogtow Hand: lol or answers
- [12:17] Zha Ewry: So.. I am sort of stunned to notice that there isn't much of an existing
- [12:17] Zha Ewry: body on this
- [12:17] Morgaine Dinova: Zha's now running on multicore, and her threads aren't sync'd ;-)
- [12:17] Which Linden: is reading the dijkstra essay
- [12:18] Zha Ewry: pouts
- [12:18] Morgaine Dinova: He's so right too. The world of computing is in total disarray.
- [12:18] Zha Ewry: I make sure all my threads are properly swen, thank you very much
- [12:18] Which Linden: It's after 12 so it would not be rude if anyone had to depart, btw
- [12:18] Goldie Katsu: (a scan! reminds me of the scratchblogging)
- [12:18] Morgaine Dinova: Is Swen your swedish friend? ;-)
- [12:19] Zha Ewry: Oh. no. Now my couturier seamstress has been named. I shall be rouined
- [12:19] Zha Ewry: err
- [12:19] Zha Ewry: ruined
- [12:19] Zha Ewry: which is better then being runed, and having to read in elvish.
- [12:20] Zha Ewry: (Which is probably what trying to follow my typing is like anyway)
- [12:20] Morgaine Dinova: I lectured in Software Engineering, so what Dijkstra wrote (very critical of S/E) really hit home ... he's 100% right.
- [12:20] Goldie Katsu: FUTHARKed again
- [12:20] Morgaine Dinova: I rank him along Feynman
- [12:20] Goldie Katsu: growls loudly at adobe for inserting itself where it isn't wanted
- [12:21] Zha Ewry: But.. seriously, we actually have some nasty peer to peer component level authentication issues lurking in here
- [12:22] Which Linden: So how are the components of a domain peers?
- [12:23] Which Linden: I kind of view components as just being implementation details of a monolithic-appearing whole
- [12:23] Which Linden: For example, right now all simhosts have the same ssl cert, which the client verifies
- [12:24] Zha Ewry: Right, but they all happily live inside a single firewalled sub-net
- [12:24] Which Linden: Isn't each domain expected to do so as well?
- [12:25] Zha Ewry: Not when we want to allow someone to teleport from a sim in domain A to a sim in Domain B
- [12:26] Morgaine Dinova: I think I'm missing the key problem. If SL server #1 (whom you trust by cert) gives you a link to X server #2, are you unwilling to believe that that's a valid host without further evidence?
- [12:26] Which Linden: Maybe I'm just confused about what you mean by "component". I thought you meant "host in a domain", but do you actually mean "a domain in the larger grid system"?
- [12:26] Which Linden: Good point Morgaine
- [12:27] Which Linden: I could see it going either way, w.r.t a link given to you from a trusted host
- [12:27] Which Linden: You might trust the trusted host to do everything except give you more links
- [12:29] Zha Ewry: So, from the bottom, up, I'm a lonely little region simulator in a grid, and I have a user who has handed me a landmark to a remote sim in another grid. And I say "Ah, I need to call that remote sim"
- [12:29] Goldie Katsu: I'm thinking domain in the larger grid system
- [12:30] Zha Ewry: I need to end up with a https pipe to that sim, at the end of a dance which lets that sim know I am a proven member of my domain, and that they are a proven member of their domain
- [12:30] Zha Ewry: I can clearly do that with nothing but Verisign certs, if I want to
- [12:30] Zha Ewry: (and then I'd better be careful, and rich)
- [12:30] Morgaine Dinova: Just say "certs" :-)
- [12:31] Zha Ewry: well, signed by a mutually trusted third party with a sealed path certs
- [12:31] Morgaine Dinova: Why?
- [12:31] Goldie Katsu: and my clothing needs to be transferred there too so there is some matter of Asset server from a grid knowing where it's sending info on those assets (if they aren't an all-assets-are-freely-shareable kind of sim)
- [12:32] Which Linden: Goldie, yes, though theoretically once trust is established data transfer is an "easy" problem
- [12:32] Morgaine Dinova: Right now, when you surf the web, the vast bulk of all information you obtain is unauthenticated. And it's certainly not a problem.
- [12:32] Goldie Katsu: yes but there is the client to domain b trust and the domain a to domain b trust
- [12:33] Goldie Katsu: yes in some cases the data will be that way
- [12:33] Morgaine Dinova: So I'm not sure why you want to burden all VW traffic with the needs of just the authenticated traffic
- [12:33] Which Linden: Yes, ugh, there is indeed a three-way trust problem here
- [12:33] Monalisa Robbiani: hi
- [12:34] Goldie Katsu: because the unauthenticated part of the web doesn't deal with identity
- [12:34] Morgaine Dinova: I'm not saying that https isn't required. I'm just saying that your higher standard of evidence isn't required.
- [12:35] Goldie Katsu: if we are talking auth in a broader sense
- [12:36] Goldie Katsu: and right now auth is on a per-site basis in most cases
- [12:37] Which Linden: OK, I'm really sorry but I have to run
- [12:38] Monalisa Robbiani: dont forget my bear
- [12:38] Which Linden: Feel free to add on to the transcript here: https://wiki.secondlife.com/wiki/User:Which_Linden/Office_Hours/2008_Dec_4
- [12:38] Goldie Katsu: Thank you for your time
- [12:38] Which Linden: oh!
- [12:38] Which Linden: didn't see the IM
- [12:38] Monalisa Robbiani: sent you IM:)
- [12:38] Morgaine Dinova: Cheers Which, take care :-)
- [12:38] Monalisa Robbiani: hihi *giggle*
- [12:38] Monalisa Robbiani: thankies
- [12:38] Goldie Katsu: oh a
- [12:38] Goldie Katsu: bear
- [12:38] Goldie Katsu: could I have one?
- [12:38] Zha Ewry: Thanks Which
- [12:38] Goldie Katsu: yay!
- [12:39] Which Linden: Thank you! I'll see you next time
- [12:39] Morgaine Dinova: Oh, I don't have a Which bear either :-)
- [12:39] Zha Ewry: What do horses do with Linden Teddy Bears?
- [12:39] Monalisa Robbiani: horses?
- [12:39] Goldie Katsu: Let them ride on their back
- [12:39] Monalisa Robbiani: haha
- [12:39] Monalisa Robbiani: o.O
- [12:39] Zha Ewry grins
- [12:39] Zha Ewry: Of course
- [12:39] Goldie Katsu: lol
- [12:39] Monalisa Robbiani: 77 bears
- [12:39] Monalisa Robbiani: yay
- [12:40] Morgaine Dinova: Wow!
- [12:40] Goldie Katsu: Are you in the linden bear collector group?
- [12:40] Monalisa Robbiani: and all personally taken from them
- [12:40] Monalisa Robbiani: yes I am
- [12:40] Goldie Katsu: good!
- [12:40] Monalisa Robbiani: ugh so scripts here
- [12:40] Goldie Katsu: yeah
- [12:41] Goldie Katsu: that's why I'm standing instead of sitting.
- [12:41] Morgaine Dinova: So Zha ... which part of SSL cert auth isn't enough for you?
- [12:41] Goldie Katsu: oooh a tinies seat.
- [12:42] Goldie Katsu: (sorry that was off topic.)
- [12:42] Monalisa Robbiani: ride anyone?
- [12:42] Zha Ewry: SSL cert auth, at the web-service to web-service level, is, at best going to be a bear to manage
- [12:43] Goldie Katsu: (lol bear hunting tag is active )
- [12:43] Morgaine Dinova: Indeed, doing it the current way (which is manual) isn't going to work.
- [12:43] Zha Ewry: Right
- [12:44] Zha Ewry: and when you hit the NxMxC case I'm not sure how many certs I need in a big service, like an IM hub, or an asset backup service
- [12:44] Zha Ewry: (N x M regions x C components)
- [12:45] Morgaine Dinova: But the problem there is, that all non-manual methods have no security to mention.
- [12:45] Morgaine Dinova: I.e. it's theatre
- [12:46] Zha Ewry: Well
- [12:46] Zha Ewry: part of me is inclined, for that very reason
- [12:46] Zha Ewry: to keep certs at domains
- [12:46] Zha Ewry: and use a leased, shared secret between the low level components
- [12:46] Zha Ewry: (established by the cert based domain services)
- [12:47] Zha Ewry: as the thing we use to setup the HTTPS pipes between the low level components
- [12:47] Zha Ewry: GGF did that with X.509 proxies
- [12:47] Morgaine Dinova: Sure, that's no problem. The shared secret is really just the session key, short lived.
- [12:47] Zha Ewry: But they seem heavyweight, and aimed at end user authentication
- [12:48] Zha Ewry: well, one might go one step longer term, and allow the session key to be reused in limited ways, but.. there are some real
- [12:48] Zha Ewry: risks you trade off there
- [12:48] Zha Ewry: (ie, can I pass the session key from service to service, locally, within a domain, for a short while)
- [12:49] Zha Ewry: keep a short time to live
- [12:49] Zha Ewry: (which makes the kabuki much more acceptable)
- [12:49] Morgaine Dinova: It's a necessary risk though. Without it you'll never be able to move sessions from a home device to a mobile device for example.
- [12:50] Zha Ewry: Oh, more importantly, be to establish the session to a sim, and then pass it to an adjacent sim, on boundary crossing, without a heavy transaction
- [12:50] Zha Ewry: I
- [12:50] Zha Ewry: am pretty comfortable with laptop to cell phone handoff being heavyweight
- [12:50] Zha Ewry: I am much less willing to let that happen on sim to sim
- [12:50] Morgaine Dinova: True
- [12:51] Zha Ewry: What i really want to make sure we manage, is a good balancing point
- [12:51] Zha Ewry: and bake it in low, so we don't encumber 90% of the protocol with it
- [12:51] Zha Ewry: (and keep it deeply orthogonal from policy)
- [12:53] Zha Ewry: OK, I need liquid and five minutes of clear brain time, to prep to talk to a senior executive about some funding
- [12:53] Morgaine Dinova: Good luck :-)
- [12:53] Zha Ewry: Oh, and I've gently relayed the "WTF is happening, you are going to get bypassed" concern to Zero.
- [12:53] Goldie Katsu: good luck.
- [12:53] Goldie Katsu: Good!
- [12:53] Morgaine Dinova: Hehe, so did I Zha.
- [12:54] Zha Ewry: Not like Zero isn't aware
- [12:54] Morgaine Dinova: He hasn't replied, sadly
- [12:54] Zha Ewry: Ah. I got an "Painfully aware of that"
- [12:54] Zha Ewry: Mind you my note started with "As I am sure you are painfully aware"
- [12:55] Goldie Katsu: lol
- [12:55] Goldie Katsu: Go take your 5 minute prep time
- [12:55] Zha Ewry: yeps
- [12:55] Morgaine Dinova: Take care :-)
- [12:55] Zha Ewry: *poof*