Jesse Nesbitt wrote:
On 10/17/06, Donna Dionne <[EMAIL PROTECTED]> wrote:
Hi!
A few more questions:
1. During the XML-RPC login, server will send a "server hello" to the
client
and there is a certificate embedded in the TLS handshake protocol.
Is this certificate ever encrypted?
Is this certificate generated for every session? can it be stored and
replayed?
I'm not sure, but there seems to be a certificate last time I checked
in the data/ directory.
2. at the end of the XML-RPC login, information such as session id,
agent
id, and sim host (ip address, port) for subsequent data communication
are
sent from the server to the client.
are all these info encrypted?
what other info are passed from server to client?
I recomend looking at
http://www.libsecondlife.org/protocol/index.php/Login
It's one place where the wiki's really good
3. Are the messages bound by 1500 MTU limit? If not, how will the
fragmented packets be sequence numbered?
The entire protocol is structured around an MTU limit of about 1500.
There is no packet fragmentation, although some messages are split
across several packets (for example a texture download). Every packet
will still have a proper header and be able to be decoded independently.
And as far as the login question, as Jesse said
http://www.libsecondlife.org/protocol/index.php/Login is a good
resource. Standard TLS 1.0 (https) encryption is used, and yes
secondlife.com has a valid certificate signed by a root CA. However, the
client uses a third party library to do the XML-RPC login and it doesn't
care if you are connecting to the Second Life login server, or a server
running on your own machine, or one running on a random server on the
net. This is one part where 100% existing standards are used though,
it's run of the mill TLS and XML-RPC.
John
_______________________________________________
libsecondlife-dev mailing list
libsecondlife-dev@gna.org
https://mail.gna.org/listinfo/libsecondlife-dev
http://www.libsecondlife.org/
