Hello, On Thu, Oct 20, 2011 at 7:13 PM, Michael Rogers <[email protected]> wrote: > On 20/10/11 01:59, Paul Gardner-Stephen wrote: >> One of the interesting challenges we are addressing with this is how >> to secure the update process to prevent unlawful sabotaging of the >> Serval network through seizing or reverse engineering the signing key. >> I am happy to explain more of our thinking on this if there is >> interest. > > Hi Paul, > > I'd be interested in hearing more about this if you have some time.
So the main approach we are planning on here is a voting system with a pool of signing authorities. Serval itself would be one of the signing authorities, and we are actively seeking other open-source friendly organisations in different countries to be other signing authorities. Then for each release of the Serval software we would sign the Android package, and then invite the other signing authorities to also sign it. The Serval software update process would require each update to be signed by a majority of these authorities, thus preventing the capture of the key from any one (or few) of the organisations being sufficient to enable effective signing of a trojan update. The idea of this is to prevent the illegitimate shutting down or subversion of the Serval software via the automatic update proces, such as what happened with LimeWire (although the comparison is not exact, given that the primary functions of Serval are to facilitate actions such as supporting the universal human right to freedom of expression, and communication in the absence of supporting infrastructure). Paul. _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
