I am aware that SSL is open source. This may be a dumb question, but humour me - I am not a coder beyond HTML and a bit of java, are you saying that SSL could be incorporated into the client? Or would the client launch a browser? Or...? The reason I ask is because I don't see the benefit of walking into a 3d bank. It really offers me nothing more than doing it from a webpage like I currently do. Unless I count opening myself up to more hacks as a benefit.
Is it possible? Yes. Do people like open source? Well, there are those in this thread that say SL has no use for open source. That would mean LL would have to make their own client/server software to transmit SL data over SSL. However, OpenSSL is already an option. When you go onto the secondlife.com website and you see that "https://..." instead of a "http://..." in the address bar, the connection is being done by SSL. If you use Firefox, you actually use a subset of OpenSSL.
There is a thread somewhere in this forum about an RSA encoder in LSL. Last I read, it was tested to connect to OpenSSL - but it was just a test. LSL is too slow to do practical encryption beyond a little bit of data. Check out the Notary services that exist in SL for those that have spent some time to secure documents in SL.
LL could install SSL code into the client and server and secure data transmission. LL could further offers keys to premium accounts. Free accounts would have to use unencrypted data.
One problem with this... The U.S. has restrictions on the ability to distribute programs with encryption software. It would severally limit the ability of those outside of the U.S. to have a secure connection.
The way around it? Distribute the SL client with the ability to use OpenSSL but without OpenSSL itself. If the user wants a secure connection, the user would have to install OpenSSL or any other software that fully implements SSL. SSL is just a standard and not a product, so anybody outside of the U.S. is able to get a copy of a SSL implementation from oustside the U.S. (Anotherwords, the U.S. government does not want to guarantee that the software from another country is secure to use to connect to computers in the U.S. Therefore, it does not allow products with encryption to be exported yet it does allow the secure connection.)
As for the rest of your post, I am unsure why you chose a post in which you're replying to me about the bank thing to launch into that.
hrugs:Everything about the paranoid analyst bit I was going to put in another thread, so it wasn't a rant directed at you. Sorry. It just jived with the issues. Sometimes I become a chatterbox and when I do that I usually delete my entire post even if it is a couple of pages long. I should have seperated my post.
