From a design perspective, the BOINC architecture should be able to function without the BOINC project server or a central authority to grant keys and the like.
The client software communicates with the server software using libcurl over HTTP/HTTPS. For the most part, I think WCG mostly uses HTTPS as a way to protect volunteer privacy; the core protection still comes from the project's code signing key.

----- Rom

-----Original Message-----
From: Jeffrey Walton [mailto:[email protected]]
Sent: Wednesday, February 13, 2013 12:52 AM
To: Rom Walton
Cc: BOINC Developers Mailing List
Subject: Re: [boinc_dev] BOINC on Android Update

Hi Rom,

Somewhat OT, but somewhat related....

> * Correct ca-bundle.crt is extracted

Ouch! Daggers in my eyes. Do you really need to confer trust? The secure channel using a public dns and a public ca hierarchy leaks like a sieve.

I gave a talk last week on the evils of trusting [foreign] DNS, PKI{X} and public CAs (https://www.owasp.org/index.php/Virginia). There are alternatives, if interested. For example, you could:

* supply the needed certificate root during provisioning - trust only one instead of many
* use a password authenticated key exchange (PAKE) - for example, Secure Remote Password (SRP)
* pin the server's expected certificate or public key - provide during provisioning

I also provided sample programs for public key pinning at the talk. It includes Android, iOS, .Net, and OpenSSL. It's as easy as copy/paste. It does not throw away SSL/TLS - it hardens the channel.

Jeff

On Wed, Feb 13, 2013 at 12:40 AM, Rom Walton <[email protected]> wrote:
> I've uploaded a new build:
> http://boinc.berkeley.edu/dl/boinc_7.0.51_arm-android-linux-gnu.apk
>
> This build has the following fixes:
> * Correct ca-bundle.crt is extracted from the installation package, SSL
>   connections should now work.
> * Client should now be able to track the temp and status of the battery and
>   suspend before overheating.
> * Client is now started in daemon mode. Logs can be viewed from the shell.
> * Moved the projects tab before the tasks tab.
> * Settings tab has been renamed to preferences.
> * Enabled the messages tab, it'll display the client messages in the next
>   build.
> * The UI can now be used in landscape mode.
> * The Android setup package has the debug flag enabled right now.
>
> If you have the Android SDK installed, you can view the core client state by
> executing:
> $ adb shell
> $ run-as edu.berkeley.boinc /system/bin/sh
>
> From here you'll be logged in as the user account created for the BOINC
> application; the core client and data files are in the client subdirectory.
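
The public key pinning option listed in the thread, as an added example that is not from the thread, the talk, or the BOINC code base: it extracts the SubjectPublicKeyInfo from a DER certificate and compares its SHA-256 digest against pins supplied at provisioning. All function names are hypothetical, the certificate is assumed to come from the TLS library after its normal chain validation, and the sample certificate is constructed with dummy key bytes.

```python
import base64, hashlib, hmac

def read_tlv(buf, off, end):
    """Return (tag, value_start, value_end) of the DER element at off, bounded by end."""
    if off + 2 > end:
        raise ValueError("truncated DER header")
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > end:
        raise ValueError("DER element overruns its container")
    return tag, off, off + length

def extract_spki(cert):
    """Return the SubjectPublicKeyInfo element (header included) of a DER certificate."""
    _, s, e = read_tlv(cert, 0, len(cert))   # Certificate
    _, off, e = read_tlv(cert, s, e)         # tbsCertificate
    tag, _, nxt = read_tlv(cert, off, e)
    off = nxt if tag == 0xA0 else off        # skip the optional [0] version field
    for _ in range(5):                       # serial, sigAlg, issuer, validity, subject
        off = read_tlv(cert, off, e)[2]
    tag, _, spki_end = read_tlv(cert, off, e)
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    return cert[off:spki_end]

def spki_pin(cert):
    return base64.b64encode(hashlib.sha256(extract_spki(cert)).digest()).decode()

def pin_ok(cert, provisioned_pins):          # fails closed on parse errors and unknown keys
    try:
        pin = spki_pin(cert)
    except ValueError:
        return False
    return any(hmac.compare_digest(pin, p) for p in provisioned_pins)

def tlv(tag, body):                          # DER encoder, used only to build the sample
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (lb if len(body) < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def sample_cert(key_bytes):                  # constructed, certificate-shaped DER (dummy data)
    alg = tlv(0x30, tlv(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x01") + tlv(0x05, b""))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key_bytes))
    name, validity = tlv(0x30, b""), tlv(0x30, tlv(0x17, b"130213000000Z") * 2)
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + alg + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 65)), spki
```

Pinning the key rather than the whole certificate lets the server renew its certificate without re-provisioning clients, as long as the key pair is unchanged.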
