John R. Hogerhuis wrote:
> The problem there is not physical security but a
> "trust the programmers" issue.

So you don't trust any piece of human-written cryptographic code to do its job properly? Or are you saying you don't trust the people themselves?

> You're not familiar with evil?

Please re-read that part of the original message, and my reply, carefully.

> No perfect upgrade system has ever been designed / implemented.
> Most likely, yours isn't either so any system which is required to be
> perfect is broken by requirement.

John, you keep generalizing what is actually a very specific issue. The design for this particular upgrade system is elegant and watertight. Now, as you point out, the implementation and execution can go wrong in one of three ways:

1. Physical compromise of OLPC private keys: mitigated by already planned, highly-stringent physical security.
2. Bug in the digsig implementation: mitigated by the use of two separate digsig systems.
3. Cryptographic break of the digsig system: mitigated as above.

Unless you're willing to specifically address technical details in order to show that the design is invalid, I can't continue to participate in this discussion.

> First, by definition those that do understand what is happening are in a
> position to authoritatively refuse. Not every kid will be in this
> category, but some will.

Can you provide a meaningful, non-contrived example under which a user would refuse a BIOS upgrade?

--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
