On Thu, Jun 12, 2008 at 7:27 PM, Michael Stone <[EMAIL PROTECTED]> wrote: > It's sad that we have no good way to specifying groups > of serial numbers or delegation to an online S/N authority. Can we do > any better there?
I agree (this is the thrust of my response to Chema as well), but I feel that it is likely out of scope for this release. Again, I don't feel like we can rely on an online authority for this release, and the offline mechanisms seem too clumsy to work well. As a strawman: instead of a serial number in the sig02 format, we use an md5 hash. This hash must be the exact hash of a separate file listing serial numbers, one per line. Now we just have to maintain these files, handle the cases where we add a laptop to the file and now have to maintain multiple copies, name them, find them on USB keys, etc, etc. I'd prefer to first tackle the problem I've got a good solution for, and defer the "arbitrary sets of serial numbers" case until we can't do without it. --scott -- ( http://cscott.net/ ) _______________________________________________ Security mailing list [email protected] http://lists.laptop.org/listinfo/security
