Whew... Site keys work. This means that most communications (and all that an attacker would actually be interested in) are now fully encrypted in MOS. I don't want to have to do that again. Not that it was particularly hard to implement (actually I was supprised at how little code it actually involved) but it was not fun at all to debug. Then again, I did do the whole thing to two nights, I suppose it could have been much, much worse...
So the upside is that MOS is now (probably) really, really secure. The downside is that all the key negotiations that have to happen before things can talk to other things takes ages. I don't know well this scales, but until MOS gets another order of magnitude faster we may be looking at lengthy login times for complex worlds. We'll see how things pan out, though. The security measures of MOS are one of it's most important features.
Oh, I did get the performance up though by re-writing the message parser. MOS throughput went from 11 messages/sec to about 150 :-) Same XML message format, but parsing overhead is MUCH less now. Good.
Link of the day - Erik Davis's Figments & Inklings. Especially the Corpus Cybermeticum --- wow, it's so nice to find a web page chock full of intellectually stimulating information you can't find anywhere else, with a nice simple layout and lots of plain unadorned text. Reminds me of the web circa 1994 :-)