On Thu, Dec 4, 2008 at 19:17, Greg Smith <[EMAIL PROTECTED]> wrote: > I'm copying in Devel and will drop the sugar list on further replies > (hope that's the right netiquette in this case...).
(note: I'm not on devel, so please keep me CC'd) > > security) who are the principals? > > what are their goals? > > what attacks concern us? > > GS - In general I don't want any other devices to be able to appear to > be the XO. We can assume that the XS <-> XO is a secure network not > visible to the outside workd (whether that is true in practice is > another story). So I moved the encryption and stringent security > requirements to the optional case where the XO is talking to a non-XS > server. > I'd rather not make that assumption. Some schools may not have a _local_ school server (even dispite our best wishes) or a student may want to access the server from a non-local connection. The XS, IMHO, should support the "road warrior" use case (at least for post-registration) -lf
_______________________________________________ Sugar mailing list Sugar@lists.laptop.org http://lists.laptop.org/listinfo/sugar
