Ivan,

        I have no problem with the idea, but please make sure we document all the 
nuances.

> I don't know what you mean by 'protected properly'. The key 
> is public, so it's available for download on the Internet. 
<KS>
        The key is available on the Internet, but when I asked earlier, you 
said there is no Internet connectivity requirement during the verification 
process. In that case, we need to make sure the key is protected against 
tampering when in the OLPC, as much as we can.
</KS>
> > But, want to caution that either the
> > key or the serial number or the MAC address can be spoofed (under 
> > proper conditions) and so we should make sure we do not 
> > put *undue* 
> > trust in any of these artifacts.
> 
> There's no trust being put into either one.
> 
<KS>    If you are not trusting the embedded public key, then you cannot use it 
to verify the signature. Need to find another way ...</KS>

Cheers
<k/>
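As an added illustration of the point above (example code written for this page, not part of the thread and not OLPC's BIOS code): a BIOS-style verifier for a payload that carries its own public key. It shows that checking a signature against whatever key the image embeds proves nothing on its own, and that the verifier needs an independent anchor for that key. The anchor here is a pinned fingerprint of the vendor key, assumed to sit in write-protected storage; the container layout, the seeds and the payload strings are constructed for the example, and the signature scheme is a Lamport one-time signature built from SHA-256 so that the block runs with the Python standard library only (a real BIOS would use RSA or ECDSA).

```python
# Added example, not OLPC code. A verifier for a signed payload that carries
# its own public key, with and without a pinned key fingerprint (assumed to
# live in write-protected ROM on the device).
import hashlib
import hmac
import struct

DIGEST = hashlib.sha256
NBITS = 256                  # one secret pair per digest bit
KEY_BYTES = NBITS * 2 * 32   # serialized public key size


def _prf(seed: bytes, label: bytes) -> bytes:
    """Derive secret values deterministically from a seed (HMAC used as a PRF)."""
    return hmac.new(seed, label, DIGEST).digest()


def lamport_keygen(seed: bytes):
    """Return (secret_key, public_key); each is a list of 256 (x0, x1) pairs."""
    sk = [(_prf(seed, b"%d/0" % i), _prf(seed, b"%d/1" % i)) for i in range(NBITS)]
    pk = [(DIGEST(x0).digest(), DIGEST(x1).digest()) for x0, x1 in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    d = DIGEST(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(NBITS)]


def lamport_sign(sk, msg: bytes) -> bytes:
    """One-time signature: reveal, per digest bit, the matching secret value.
    Signing two different messages with one key leaks it; each key below
    signs exactly one message."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_digest_bits(msg)))


def lamport_verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != NBITS * 32:
        return False
    bits = _digest_bits(msg)
    return all(
        hmac.compare_digest(DIGEST(sig[32 * i:32 * i + 32]).digest(), pk[i][bits[i]])
        for i in range(NBITS)
    )


def serialize_pk(pk) -> bytes:
    return b"".join(x0 + x1 for x0, x1 in pk)


def parse_pk(blob: bytes):
    if len(blob) != KEY_BYTES:
        raise ValueError("bad public key length")
    return [(blob[64 * i:64 * i + 32], blob[64 * i + 32:64 * i + 64]) for i in range(NBITS)]


def fingerprint(pk) -> bytes:
    """The value the BIOS pins in write-protected storage: a hash of the vendor key."""
    return DIGEST(serialize_pk(pk)).digest()


def build_image(payload: bytes, pk, sig: bytes) -> bytes:
    """Constructed container: [len(payload)][payload][public key][signature]."""
    return struct.pack(">I", len(payload)) + payload + serialize_pk(pk) + sig


def verify_image(image: bytes, pinned_fingerprint):
    """Return (ok, reason). With pinned_fingerprint=None the verifier trusts
    whatever key the image carries, which is the trap discussed in the thread."""
    (n,) = struct.unpack(">I", image[:4])
    payload = image[4:4 + n]
    sig = image[4 + n + KEY_BYTES:]
    try:
        pk = parse_pk(image[4 + n:4 + n + KEY_BYTES])
    except ValueError as e:
        return False, str(e)
    if pinned_fingerprint is not None and not hmac.compare_digest(fingerprint(pk), pinned_fingerprint):
        return False, "embedded public key does not match pinned fingerprint"
    if not lamport_verify(pk, payload, sig):
        return False, "signature does not verify under embedded key"
    return True, "ok"


def demo():
    """Constructed scenario: a genuine image, and an image whose embedded key
    was substituted together with a signature that matches that key."""
    vendor_sk, vendor_pk = lamport_keygen(b"constructed vendor seed, not a real key")
    pinned = fingerprint(vendor_pk)
    genuine = build_image(b"firmware v1", vendor_pk, lamport_sign(vendor_sk, b"firmware v1"))
    other_sk, other_pk = lamport_keygen(b"constructed second seed")
    altered = b"firmware v1 (altered)"
    swapped = build_image(altered, other_pk, lamport_sign(other_sk, altered))
    return {
        "genuine_pinned": verify_image(genuine, pinned),
        "swapped_pinned": verify_image(swapped, pinned),
        "swapped_unpinned": verify_image(swapped, None),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name}: {'PASS' if ok else 'FAIL'} ({why})")
```

The third case is the one the thread is about: the substituted image verifies cleanly when the BIOS has nothing to compare the embedded key against, so the signature check adds no assurance beyond what the attacker already controls. Pinning the key fingerprint somewhere the payload cannot rewrite is what turns the check into a real one, and that pinned value needs the same tamper protection the thread asks for.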
 

> -----Original Message-----
> From: Ivan Krstić [mailto:[EMAIL PROTECTED] 
> Sent: Sunday, August 27, 2006 7:17 PM
> To: Krishna Sankar (ksankar)
> Cc: [email protected]
> Subject: Re: [OLPC-devel] Secure BIOS on the OLPC
> 
> Krishna Sankar (ksankar) wrote:
> > The signed code paradigm is being used by Microsoft, Java et al. 
> 
> Signed code works, but that's sort of beside the point. In 
> this case, what's in question is a particular and rather 
> unusual implementation thereof, and I wanted to get a bunch 
> of eyeballs on the unusual bits to make sure I didn't miss something.
> 
> > Embedding an OLPC public key in the bios for bootstrapping is fine.
> > We need to make sure, it is protected properly
> 
> I don't know what you mean by 'protected properly'. The key 
> is public, so it's available for download on the Internet. 
> Protection against the BIOS being maliciously overwritten is 
> the whole point of the scheme; the public keys just get a 
> free ride because they live within the LB payload.
> 
> > unique MAC address
> 
> I will almost certainly make the MACs unusable for 
> identifying the machines. See e.g. RFC 3041. More details to 
> be provided in the spec.
> 
> > But, want to caution that either the
> > key or the serial number or the MAC address can be spoofed (under 
> > proper conditions) and so we should make sure we do not 
> > put *undue* 
> > trust in any of these artifacts.
> 
> There's no trust being put into either one.
> 
> --
> Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
> 
_______________________________________________
Devel mailing list
[email protected]
http://mailman.laptop.org/mailman/listinfo/devel