Difference between revisions of "Talk:Viewer Authentication Critique"
Line 24: | Line 24: | ||
-- [[User:Argent Stonecutter|Argent Stonecutter]] 21:00, 29 September 2007 (PDT) | -- [[User:Argent Stonecutter|Argent Stonecutter]] 21:00, 29 September 2007 (PDT) | ||
Is this better, Rob? -- [[User:Argent Stonecutter|Argent Stonecutter]] 21:11, 29 September 2007 (PDT) |
Revision as of 20:11, 29 September 2007
Process for editing the critique
By virtue of jumping first, I think Matthew Dowd should be the working group chair for editing this document. What I think that means is this:
- Anyone can still make no-brainer edits to the article
- Matthew will be arbiter for dispute resolution, should that be necessary.
- If there are points that Matthew is unclear about, he should delete them from the document, and move them to the talk page.
- If there are points that others are unclear about, they should bring them up on the talk page, and then later delete them from the main page if a question/concern goes unanswered on the talk page (with "see talk page" in the comment of the edit).
- If, for whatever reason, it becomes necessary to fork this document, it's best to move all critiques into the user space of the working group chair. So, for example, Matthew's version would move to User:Matthew Dowd/Viewer Authentication Critique, and other critiques could also be done the same way. This page would become a list of critiques.
Sound like a reasonable process? I think this is lightweight enough that a pretty good document can evolve pretty quickly. -- Rob Linden 12:56, 29 September 2007 (PDT)
Third party viewers/code
What's the substantive difference between these two points?
- Viewer still involves running trusted code on the computer and could initiate other attacks e.g.
- Most of these attacks could be performed by any third-party software designed for use with SL
Both have many subpoints. Could they be consolidated into a single point? -- Rob Linden 20:10, 29 September 2007 (PDT)
The first point is that keeping the client from seeing the password doesn't remove the danger of a modified client.
The second point is that *any* ancillary software (such as animation editors, sculpt editors, sculpt texture plugins) could be used in an attack, even if they don't actually connect to SL, since they would be used by SL residents.
-- Argent Stonecutter 21:00, 29 September 2007 (PDT)
Is this better, Rob? -- Argent Stonecutter 21:11, 29 September 2007 (PDT)