Krishna Sankar (ksankar) wrote:
> I have no problem with the idea, but pl make sure we document all the
> nuances.

Certainly.

> <KS> The key is available in the internet, but when I asked earlier,
> you said, there is no internet connectivity requirement during the
> verification process. In that case, we need to make sure the key is
> protected against tampering when in the OLPC, as much as we can.
> </KS>

Sorry, we miscommunicated. What I meant is that there's no need to protect the identity of the key (since it's public), and once on the SPI flash, the key becomes tamperproof by virtue of this very scheme (to tamper with it, you have to tamper with the whole BIOS, but you can't, because you'd have to forge a digsig on the new BIOS binary). Does that make sense?

>>> But, want to caution that either the key or the serial number or
>>> the MAC address can be spoofed (under proper conditions) and so
>>> we should make sure, we do not put *undue*
>>> trust in any of these artifacts.
>> There's no trust being put into either one.
>>
> <KS> If you are not trusting the embedded public key, then you cannot
> use it to verify the signature. Need to find another way ...</KS>

My statement of 'there's no trust being put into either one' refers to the MAC address and the serial number on the machine, not the embedded public key. The embedded public key is fully trusted.

-- 
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
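Added example, not part of the original email and not OLPC code: a sketch of why a public key embedded in a signed BIOS image cannot be swapped without forging a signature. The image layout, the function names and the use of Lamport one-time signatures (chosen only because they need nothing beyond the Python standard library) are assumptions made for illustration.

```python
import hashlib, os

# Lamport one-time signatures (stdlib only) stand in for the real scheme;
# the email does not say which signature algorithm is used.
def H(b): return hashlib.sha256(b).digest()

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = b"".join(H(a) + H(b) for a, b in sk)
    return sk, pk

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):  # one key must sign only one message
    return b"".join(sk[i][b] for i, b in enumerate(bits(msg)))

def verify(pk, msg, sig):
    if len(pk) != PK_LEN or len(sig) != 256 * 32:
        return False
    return all(H(sig[i*32:(i+1)*32]) == pk[i*64 + b*32 : i*64 + b*32 + 32]
               for i, b in enumerate(bits(msg)))

PK_LEN = 256 * 64

def build_image(embedded_pk, code):
    # Assumed layout for illustration: public key followed by firmware code.
    return embedded_pk + code

def accept_update(installed_image, candidate, sig):
    # The running firmware trusts only the key embedded in itself, and the
    # signature covers the whole candidate image, key bytes included.
    return verify(installed_image[:PK_LEN], candidate, sig)

def demo():
    vendor_sk, vendor_pk = keygen()
    other_sk, other_pk = keygen()          # a key the device does not trust
    installed = build_image(vendor_pk, b"BIOS v1")
    good = build_image(vendor_pk, b"BIOS v2")
    good_sig = sign(vendor_sk, good)
    swapped = build_image(other_pk, b"BIOS v2")   # same code, different key
    return {
        "vendor_signed": accept_update(installed, good, good_sig),
        "key_swapped_old_sig": accept_update(installed, swapped, good_sig),
        "key_swapped_resigned": accept_update(installed, swapped, sign(other_sk, swapped)),
    }

if __name__ == "__main__":
    print(demo())
```

Only the vendor-signed image is accepted: changing the embedded key changes the signed bytes, and re-signing with a different key fails against the key already on the device.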
