Hal Murray wrote:
> That feels like the tip of a security iceberg. Somebody has to be able to
> authorize access to data on the server without the appropriate key, including
> getting the key.
>
> I don't think that's anything new from the computer security standpoint. You
> have to trust your sysadmin. The interesting part for OLPC will be bringing
> the local sysadmins up to speed on security.

Correct. I explained this to people in today's security meeting: the school server maintains a UUID <-> child identity mapping. Backups are identified as belonging to a particular UUID. A teacher can log into the school server and use a graphical interface to reassign existing backups for a particular UUID to another UUID by modifying the mapping. This covers laptop destruction or exchange for any reason.

Once the kids are old enough that they're worried about the teacher using a spare XO to invade their privacy, they will have an option at their disposal to set a password and/or stop backing up their private key to the server, in which case they are also responsible for having an external copy of that key in the event of laptop destruction, or will not be able to restore their old backups.

For more details, see P_DOCUMENT_BACKUP and P_PASSWORD in http://wiki.laptop.org/go/OLPC_Bitfrost .

--
Ivan Krstić <[EMAIL PROTECTED]> | GPG: 0x147C722D
_______________________________________________
Devel mailing list
Devel@laptop.org
http://mailman.laptop.org/mailman/listinfo/devel