Re: [vwrap] "Trust Domains", conditioners and refineries
Dzonatas Sol <dzonatas@gmail.com> Sat, 02 April 2011 16:01 UTC
Return-Path: <dzonatas@gmail.com>
X-Original-To: vwrap@core3.amsl.com
Delivered-To: vwrap@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id DD5C028C122 for <vwrap@core3.amsl.com>; Sat, 2 Apr 2011 09:01:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.554
X-Spam-Level:
X-Spam-Status: No, score=-3.554 tagged_above=-999 required=5 tests=[AWL=0.045, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHcUYs2YgLV8 for <vwrap@core3.amsl.com>; Sat, 2 Apr 2011 09:01:08 -0700 (PDT)
Received: from mail-iw0-f172.google.com (mail-iw0-f172.google.com [209.85.214.172]) by core3.amsl.com (Postfix) with ESMTP id 217C928C0E7 for <vwrap@ietf.org>; Sat, 2 Apr 2011 09:01:08 -0700 (PDT)
Received: by iwn39 with SMTP id 39so5108869iwn.31 for <vwrap@ietf.org>; Sat, 02 Apr 2011 09:02:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:message-id:date:from:user-agent:mime-version:to :cc:subject:references:in-reply-to:content-type :content-transfer-encoding; bh=AZdWfbxVXkCv8zwLl4lyS2rlVmVFXQmEv4p9CNYgLds=; b=qtowBHeIToe6oOjFGrV2gWOfrdYiLKTUEx+3M7vqGIGqmliTyXVRalJU8l5sp3cgMU ztEW3V7xvG1OtzIFeDwRfcpziugtlUh7TMkcign9PLoaaFqIV+h1+QEJdBL3jsQmK1PD Z6BnE8npZPa/vIDHNQ8yugDoGqvk9pzxy+VWs=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type:content-transfer-encoding; b=PUJIQ2pq7qG68T3itU4KngHpmTKvSUr8dWcpa4NY9ZRRzt9EESRh+ZMsppojKy8LOR 1wmAkXpowYrAWbOX/DmyJzQ1GWSFMLgy9WWAo1TaAK5GWvZLEgi1MtFGZEyAk9pdvAXJ /gcuBRXcTa0V3Ijv1ZXEZ5z/TKF7+Q2jXk/WI=
Received: by 10.42.239.6 with SMTP id ku6mr6633895icb.189.1301760164683; Sat, 02 Apr 2011 09:02:44 -0700 (PDT)
Received: from [192.168.0.50] (adsl-71-137-195-251.dsl.scrm01.pacbell.net [71.137.195.251]) by mx.google.com with ESMTPS id gy41sm2290069ibb.22.2011.04.02.09.02.42 (version=TLSv1/SSLv3 cipher=OTHER); Sat, 02 Apr 2011 09:02:43 -0700 (PDT)
Message-ID: <4D9748D0.3000808@gmail.com>
Date: Sat, 02 Apr 2011 09:03:28 -0700
From: Dzonatas Sol <dzonatas@gmail.com>
User-Agent: Mozilla-Thunderbird 2.0.0.24 (X11/20100329)
MIME-Version: 1.0
To: Dzonatas Sol <dzonatas@gmail.com>
References: <4D93E82C.7060503@gmail.com> <AANLkTinH2vz+HXTs2j60D2S4BsBH0uT=eG1kTnwBctfJ@mail.gmail.com> <4D949BFB.1010804@gmail.com> <AANLkTi=y3nSCw=nFVn0B0Q-6twov_Vq9MgZPrYC51YgO@mail.gmail.com> <4D94B1EF.2030206@gmail.com> <4D95EB3F.8090807@gmail.com> <AANLkTin4Jbho9hEcqDzMW8GanM9Snk70KsLYcnmjGVYk@mail.gmail.com> <4D960950.8090205@gmail.com> <AANLkTinA21R-0LTh26YZMCfMrs18am8JogGv6kWSPTvN@mail.gmail.com> <4D966CD9.3040204@gmail.com>
In-Reply-To: <4D966CD9.3040204@gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc: vwrap@ietf.org
Subject: Re: [vwrap] "Trust Domains", conditioners and refineries
X-BeenThere: vwrap@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Virtual World Region Agent Protocol - IETF working group <vwrap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/vwrap>
List-Post: <mailto:vwrap@ietf.org>
List-Help: <mailto:vwrap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/vwrap>, <mailto:vwrap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Apr 2011 16:01:10 -0000
I almost forgot I did provide a way for "trust" to be actual trust and not some exploitable digital copy or exploitable encryption. The ability takes advantage of ray-casters/ray-tracers to view analog based virtual worlds, yet I purposely haven't gone in much detail other than to note flow and support here: http://wiki.secondlife.com/wiki/User:Dzonatas_Sol/SNOW-375_Resources/Interface At this time, LL has made no comment or proposed fix for few very exploitable client/server implementations other than "trust" in firewalls. I'll avoid details and assume a few others on the list are aware. That's where I last left off... so not much has change (in icesphere and here) since then. (Oh yeah, I posted exemplified advanced 12D simulation with quantum computers at tiny and macro scale, which went over people's heads... "spoke too soon"). Dzonatas Sol wrote: > That still is some debate over mechanisms that only serve as an > example or use-case, not further topology of such network, capability, > and content path. > > We could argue such straw men, yet I'm not in the mood. Anyways... can > we stay on track of terminology and asset services. Thanks. > > Morgaine wrote: >> On Fri, Apr 1, 2011 at 6:20 PM, Dzonatas Sol <dzonatas@gmail.com >> <mailto:dzonatas@gmail.com>> wrote: >> >> I guess your reply is purely April 1st themed, as there are surely >> protocols in use now on the Internet, yet you make it sound like >> nobody trusts the Internet... >> >> >> A lot of people trust the Internet at face value. Our innocent, >> well-intentioned but technically uninformed families are among them. >> That is why organized crime has such an easy ride online. >> >> In this group we are better informed than that though, and >> (hopefully) we understand that trust of an unknown remote 3rd party >> means absolutely nothing because "trust" and "unknown remote" is a >> contradiction in terms, even if they possess a cryptographically >> signed certificate. >> >> An X.509 credential means nothing except that the endpoint is >> recognizable for the session. It says nothing about participant >> trust, it says nothing about information security, it does not >> protect against contrary intentions, and most importantly, it >> provides no technical mechanism for achieving the goal of "domain >> protection" that some people here think it supports. Thinking that >> X.509 offers anything beyond network endpoint identification is a >> misunderstanding of the technology and of security. It is not a >> wall. It is just a lock on the wall, and everything beyond the lock >> is unsecured. >> >> And it gets even worse than that. I have had the misfortune of being >> assigned the duty of interfacing with a leading certificate provider >> over several years, and can attest that certificates are granted >> without any kind of strong care and assurance. The process is >> effectively non-scalable, because as the population of certificate >> holders increases, the controls become ever less strong, and the >> meaning of holding a certificate reduces to virtually nothing. It >> certainly affords no trust. >> >> Having faith in empty delusions is rather common in humanity, but we >> don't need to enshrine them in an IETF protocol. We already have >> enough concrete work with goals that are verifiable on our plate. >> Adding unverifiable delusions to the protocol does not gain us >> anything beyond a warm feeling stemming from incompetence about >> security. >> >> >> Morgaine. >> >> >> >> >> >> ========================= >> >> >> On Fri, Apr 1, 2011 at 6:20 PM, Dzonatas Sol <dzonatas@gmail.com >> <mailto:dzonatas@gmail.com>> wrote: >> >> I guess your reply is purely April 1st themed, as there are surely >> protocols in use now on the Internet, yet you make it sound like >> nobody trusts the Internet... again >> >> Morgaine wrote: >> >> I hope you realize that "trust domains" don't actually exist >> outside of some people's passion for buzzwords. >> >> Having worked in defense security and looked beyond buzzwords >> into what really happens with information protection and >> leakage, the concept of technically-secured trust in an open >> client-server system lies somewhere between delusion and >> comedy.� No, just no. >> >> Information is secure only when it is not released and not >> accessible.� In our VW architecture, all visible content is >> sent to all participants in the simulation by architectural >> design, and its non-distribution beyond that set of >> participants is not assurable.� Indeed, it is objectively >> impossible to assure, because there is no control over public >> outbound information channels in our architecture, and even >> less control over covert channels. >> >> That makes all talk about "trust domains" here an exercise in >> futility, some kind of reliance on "faith" and wishful thinking. >> >> The merits of comedy aside, I suggest that we stick to >> concepts that we can underpin with concrete technology and >> implement in protocols.� Trust is not one of them and just >> wastes time, despite the cuteness of the term "trust domain". >> >> If you want to keep information secure, don't send it to >> somewhere that is insecure such as a remote client.� That's >> the technical solution, stripped of wishful thinking. >> >> Whatever one may think of the defense industry, at least they >> analyze issues to avoid self-delusion.� We may not have a >> defense budget here, but that's not a reason for promoting >> concepts that simply don't work. >> >> >> Morgaine. >> >> >> >> >> ====================== >> >> On Fri, Apr 1, 2011 at 4:11 PM, Dzonatas Sol >> <dzonatas@gmail.com <mailto:dzonatas@gmail.com> >> <mailto:dzonatas@gmail.com <mailto:dzonatas@gmail.com>>> wrote: >> >> Of replies received and to forward this further, the ideal >> "trust >> domains" are established in file by X.509 (and more recent >> claims) >> or by login credentials/authentication. This flexibility of >> these >> two alone to establish such domain already defeats the >> purpose to >> use client/server terminology except at the transfer-level. >> Consider that LLIDL & REST is above the transfer-level (from >> source-level perspective), there is not much need to use >> client/server terminology (except if you want pedantic >> buzzwords). >> >> Please let me know if there is some other case. >> >> >> Dzonatas Sol wrote: >> >> Added "trust domains" to the subject line to hopefully >> narrow >> this thread before it goes into some random debate. >> >> >> >> >> -- --- https://twitter.com/Dzonatas_Sol --- >> Web Development, Software Engineering, Virtual Reality, >> Consultant >> >> _______________________________________________ >> vwrap mailing list >> vwrap@ietf.org <mailto:vwrap@ietf.org> >> <mailto:vwrap@ietf.org <mailto:vwrap@ietf.org>> >> >> https://www.ietf.org/mailman/listinfo/vwrap >> >> >> >> ------------------------------------------------------------------------ >> >> >> >> _______________________________________________ >> vwrap mailing list >> vwrap@ietf.org <mailto:vwrap@ietf.org> >> https://www.ietf.org/mailman/listinfo/vwrap >> >> >> >> -- --- https://twitter.com/Dzonatas_Sol --- >> Web Development, Software Engineering, Virtual Reality, Consultant >> >> >> ------------------------------------------------------------------------ >> >> _______________________________________________ >> vwrap mailing list >> vwrap@ietf.org >> https://www.ietf.org/mailman/listinfo/vwrap >> > > -- --- https://twitter.com/Dzonatas_Sol --- Web Development, Software Engineering, Virtual Reality, Consultant
- Re: [vwrap] Conditioners and refineries Morgaine
- [vwrap] Conditioners and refineries Dzonatas Sol
- Re: [vwrap] Conditioners and refineries Morgaine
- Re: [vwrap] Conditioners and refineries Dzonatas Sol
- Re: [vwrap] "Trust Domains", conditioners and ref… Dzonatas Sol
- Re: [vwrap] Conditioners and refineries Mike Dickson
- Re: [vwrap] Conditioners and refineries Morgaine
- Re: [vwrap] Conditioners and refineries Dzonatas Sol
- Re: [vwrap] "Trust Domains", conditioners and ref… Dzonatas Sol
- Re: [vwrap] "Trust Domains", conditioners and ref… Morgaine
- Re: [vwrap] "Trust Domains", conditioners and ref… Dzonatas Sol
- Re: [vwrap] "Trust Domains", conditioners and ref… Morgaine
- Re: [vwrap] "Trust Domains", conditioners and ref… Dzonatas Sol
- Re: [vwrap] "Trust Domains", conditioners and ref… Dzonatas Sol