[sldev] [IDEA] Signed Client Logs

Tateru Nino tateru.nino at gmail.com
Mon Nov 12 19:27:50 PST 2007


If the client's doing the signing the logs could still be faked.
Everything would have to be signed by the server and verified against
the server's public key, no?

Chosen Raymaker wrote:
> Hello,
>
> I'm active in a couple of groups related to SL local governance, and
> one problem we often come across is the issue of evidence in the
> virtual world. What can you trust in a world where everything is
> artificial? You can trust the server, but access to the server (i.e.
> server logs) is restricted.
>
> In response to this problem, I developed the idea of digitally signed
> client logs, as outlined below. Can someone tell me if it is
> technically possible to implement this idea in Second Life within any
> reality? Or is perhaps too resource-intensive?
>
> If it is technically possible, what would be the required steps to get
> it implemented?
>
> BASIC IDEA
> 1) Each message sent from the server to the client is digitally signed.
> 2) The client records all messages along with their signatures in a log.
> 3) When a complaint is filed against the user, the client may send any
> logs relevant to the incident back to the server.
> 4) The server can now make an informed decision on the complaint.
>
> REVISED IDEA
> Only important messages sent from the server to the client are
> digitally signed and logged by the client.
>
> RE-REVISED IDEA
> The server generates a checksum for each block of, say, 100 important
> messages sent to the client.
> Each checksum is digitally signed and logged by the client, along with
> the corresponding messages.
>
>
> Thanks in advance.
>
> ---
> Regards,
> Chosen Raymaker
>
> _______________________________________________
> Click here to unsubscribe or manage your list subscription:
> https://lists.secondlife.com/cgi-bin/mailman/listinfo/sldev
>

-- 
Tateru Nino
http://dwellonit.blogspot.com/



More information about the SLDev mailing list