Re: [Server-devel] Antitheft: sending a fake stolen...
On Mon, Aug 24, 2009 at 6:37 AM, Martin Langhoff <martin.langh...@gmail.com> wrote:
> A while ago, Daniel fixed a bug in my changes to olpc-update, and that
> left me with a to-do item on the xs-activation side.
>
> Reviewed the situation on the OAT proto concept of always sending a
> stolen token, with the idea that xs-activation should do what the
> protocol proposes: always send a 'stolen' element, to prevent a
> relatively simple proxy from blocking stolen msgs.
>
> The situation is a tad more complex, as a proxy could block any
> message not containing a lease. For the time being I've filed my notes
> in http://dev.laptop.org/ticket/9444 -- so this is a 'for later'.

As I wrote in http://wiki.laptop.org/go/Theft_deterrence_protocol:

  Care should be taken to ensure that these cases can not be easily
  distinguished by the presence or contents of other fields in the
  message.

A proxy can't tell a valid lease from an invalid lease without knowing
the UUID for every serial number, so you should probably return a lease
which is valid except for the fact that the signed string has a
randomly-chosen UUID (it can't be a fixed bad UUID, because that can be
easily tested.)

 --scott

--
( http://cscott.net/ )
___
Server-devel mailing list
Server-devel@lists.laptop.org
http://lists.laptop.org/listinfo/server-devel
Re: [Server-devel] Antitheft: sending a fake stolen...
On Mon, Aug 24, 2009 at 11:45 PM, C. Scott Ananian <csc...@laptop.org> wrote:
> so you should probably return a lease
> which is valid except for the fact that the signed string has a
> randomly-chosen UUID

Exactly my thoughts -- as you can see in the bug. Implementing that
goes beyond merely coding it -- it would mean checking that the
various (released) versions of the client code do the right thing with
these mixed messages.

And that is what I am postponing right now (with this bug as TODO +
documentation).

cheers,

m
--
 martin.langh...@gmail.com
 mar...@laptop.org -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff - working code first
 - http://wiki.laptop.org/go/User:Martinlanghoff
Re: [Server-devel] Antitheft: sending a fake stolen...
On Mon, Aug 24, 2009 at 6:05 PM, Martin Langhoff <martin.langh...@gmail.com> wrote:
> On Mon, Aug 24, 2009 at 11:45 PM, C. Scott Ananian <csc...@laptop.org> wrote:
>> so you should probably return a lease
>> which is valid except for the fact that the signed string has a
>> randomly-chosen UUID
>
> Exactly my thoughts -- as you can see in the bug. Implementing that
> goes beyond merely coding it -- it would mean checking that the
> various (released) versions of the client code do the right thing with
> these mixed messages.
>
> And that is what I am postponing right now (with this bug as TODO +
> documentation).

I updated
http://wiki.laptop.org/go/Theft_deterrence_protocol#Theft-deterrent_server_response
with more detail on 'real looking' leases.

 --scott

--
( http://cscott.net/ )
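
Added example (not part of the thread and not code from xs-activation or olpc-update): a sketch of why the decoy lease discussed above needs a randomly-chosen UUID rather than a fixed bad one. The lease layout, field names, sample values and the toy textbook-RSA key are all assumptions made for illustration; the real lease format and signature scheme are not shown on this page.

```python
import hashlib
import uuid

# Toy textbook-RSA key built from two Mersenne primes. Illustration only:
# no padding and far too small for real use. Stands in for the signing key.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the server

# Constructed sample values, not real OLPC identifiers.
SERIAL, EXPIRY = "SN-CONSTRUCTED-01", "20091231T000000Z"
REAL_UUID = "3f2b8c1e-5d47-4a90-9c11-7e6a2b0d4f55"
FIXED_BAD_UUID = "00000000-0000-0000-0000-000000000000"


def signed_string(serial, laptop_uuid, expiry):
    # Hypothetical layout of the string covered by the signature.
    return f"{serial}:{laptop_uuid}:{expiry}".encode()


def digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N


def make_lease(serial, laptop_uuid, expiry):
    # Assumption: the message carries serial, expiry and signature, not the UUID.
    sig = pow(digest(signed_string(serial, laptop_uuid, expiry)), D, N)
    return {"serial": serial, "expiry": expiry, "sig": sig}


def make_decoy(serial, expiry):
    # Response for a stolen laptop: same fields, signature over a random UUID.
    return make_lease(serial, str(uuid.uuid4()), expiry)


def verifies(lease, candidate_uuid):
    # Anyone holding the public key (N, E) can run this for a UUID they know.
    expected = digest(signed_string(lease["serial"], candidate_uuid, lease["expiry"]))
    return pow(lease["sig"], E, N) == expected


if __name__ == "__main__":
    fixed = make_lease(SERIAL, FIXED_BAD_UUID, EXPIRY)
    decoy = make_decoy(SERIAL, EXPIRY)
    print("laptop accepts real lease:", verifies(make_lease(SERIAL, REAL_UUID, EXPIRY), REAL_UUID))
    print("laptop accepts decoy:", verifies(decoy, REAL_UUID))
    print("proxy flags fixed-UUID decoy:", verifies(fixed, FIXED_BAD_UUID))
    print("proxy flags random-UUID decoy:", verifies(decoy, FIXED_BAD_UUID))
```

The laptop, which knows its own UUID, rejects both kinds of decoy; only the fixed-UUID one can be singled out by a party that lacks the per-laptop UUIDs.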