On Mon, Aug 24, 2009 at 6:37 AM, Martin Langhoff<martin.langh...@gmail.com> wrote:
> A while ago, Daniel fixed a bug in my changes to olpc-update, and that
> left me with a to-do item on the xs-activation side.
>
> Reviewed the situation on the OAT proto concept of always sending a
> stolen token, with the idea that xs-activation should do what the
> protocol proposes: always send a 'stolen' element, to prevent a
> relatively simple proxy from blocking stolen msgs.
>
> The situation is a tad more complex, as a proxy could block any
> message not containing a lease.
>
> For the time being I've filed my notes in
> http://dev.laptop.org/ticket/9444 -- so this is a 'for later'.

As I wrote in http://wiki.laptop.org/go/Theft_deterrence_protocol:
"Care should be taken to ensure that these cases can not be easily
distinguished by the presence or contents of other fields in the
message."

A proxy can't tell a valid lease from an invalid lease without knowing
the UUID for every serial number, so you should probably return a
lease which is valid except for the fact that the signed string has a
randomly-chosen UUID (it can't be a fixed "bad" UUID, because that can
be easily tested.)
 --scott

-- 
                         ( http://cscott.net/ )
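
The suggestion in the reply above, as an added example (not code from xs-activation, olpc-update or the OAT protocol): a decoy lease signed over a random UUID fails on the laptop but is not recognizable to an observer who lacks that laptop's UUID, while a decoy signed over a fixed "bad" UUID is. The lease layout (signature over `serial:uuid:expiry`, with only serial, expiry and signature on the wire), the function names and the toy textbook-RSA key are assumptions standing in for the real format and signing scheme.

```python
import hashlib
import secrets

# Toy textbook-RSA key, constructed for this example (not an OLPC key, not secure).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def lease_digest(serial, uuid, expiry):
    # Assumed signed string: the UUID is covered by the signature but never sent.
    msg = f"{serial}:{uuid}:{expiry}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

def sign_lease(serial, uuid, expiry):
    """Server side: the wire form is (serial, expiry, signature)."""
    return (serial, expiry, pow(lease_digest(serial, uuid, expiry), D, N))

def verify_lease(lease, uuid):
    """Public-key check; it only succeeds when the caller supplies the signed UUID."""
    serial, expiry, sig = lease
    return pow(sig, E, N) == lease_digest(serial, uuid, expiry)

def decoy_lease(serial, expiry, fixed_uuid=None):
    """Reply for a stolen laptop: same shape as a real lease, signed over a wrong UUID."""
    uuid = fixed_uuid if fixed_uuid is not None else secrets.token_hex(16)
    return sign_lease(serial, uuid, expiry)

FIXED_BAD_UUID = "0" * 32  # the shortcut the reply warns against

def proxy_flags_as_decoy(lease):
    """All an observer without the laptop's UUID can test: the one well-known bad UUID."""
    return verify_lease(lease, FIXED_BAD_UUID)

def demo():
    # Constructed sample serial, UUID and expiry.
    serial, real_uuid, expiry = "SHC00000001", secrets.token_hex(16), "20091231T000000Z"
    good = sign_lease(serial, real_uuid, expiry)
    random_decoy = decoy_lease(serial, expiry)
    fixed_decoy = decoy_lease(serial, expiry, FIXED_BAD_UUID)
    return {
        "client_accepts_good": verify_lease(good, real_uuid),
        "client_accepts_random_decoy": verify_lease(random_decoy, real_uuid),
        "client_accepts_fixed_decoy": verify_lease(fixed_decoy, real_uuid),
        "proxy_spots_good": proxy_flags_as_decoy(good),
        "proxy_spots_random_decoy": proxy_flags_as_decoy(random_decoy),
        "proxy_spots_fixed_decoy": proxy_flags_as_decoy(fixed_decoy),
    }

if __name__ == "__main__":
    print(demo())
```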