[OLPC Security] XO-user's communications security needs
Michael Stone
2008-03-26 17:40:27 UTC
Folks,

Pursuant to recent discussions about P_IDENT, I've begun drafting
principles and use cases in order to discover some of the communications
security needs of XO-users.

My thoughts to date (with substantial input from both Daf and
Polychronis) are recorded, haphazardly, at

http://wiki.laptop.org/go/Communications_security

Finally, I will be meeting briefly with Jonathan Herzog tomorrow morning
in order to review this material. If you have the opportunity, please
examine my thoughts and let me know what you consider to be the most
pressing concerns, either by replying to this email or on the wiki page.
I'll do what I can to dig up convincing answers. :)

Michael
Jameson "Chema" Quinn
2008-03-26 18:03:24 UTC
I see 3 meaningful possibilities:

1. P_IDENT activities can sign/unencrypt anything with the user's private key,
with no user knowledge. Thus a signature means only that communication comes
from a given laptop, and has no implication about the awareness or assent of
the user of that laptop.

2. P_IDENT only lets activities use signatures/unencryption within strictly
limited communications protocols OR with some explicit, trusted-UI agreement
from the user. The communications protocols are designed such that each
encrypted/signed block is identifiable and validated as part of that
protocol (i.e., a header in every block, or only the temporary private key is
encrypted against the real private key and the OS refuses to unencrypt
temporary private keys unless they are marked as part of that protocol).
Thus a signature on, or the ability to unencrypt, data that is not marked as
part of that protocol implies user assent.

3. There is one private key used for communications security, and another
one used for user identity verification.

Are my possibilities comprehensive? If so, which one are we aiming for?

Jameson
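The following is an added illustration of the difference between possibilities 1 and 2 above, not code from the thread or from OLPC's P_IDENT implementation. It models a hypothetical identity service that holds the user's key: under the "sign anything" policy every request is signed silently, while under the "protocol-bound or assent" policy only blocks carrying a recognised protocol header are signed without a prompt, and anything else goes through a trusted-UI assent callback. The header value, the `IdentityService` class, and the use of an HMAC as a stand-in for the real private-key signature are all assumptions made for the example.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field
from typing import Callable, List, Tuple

# Assumed protocol marker: every block that belongs to a sanctioned
# communications protocol starts with this header (possibility 2).
PROTOCOL_HEADER = b"XO-PROTO-1:"


class AssentRequired(Exception):
    """Raised when a signing request needs user assent and the user declined."""


@dataclass
class IdentityService:
    """Hypothetical keeper of the user's key (stand-in for P_IDENT)."""
    private_key: bytes
    # Trusted-UI prompt: (activity, blob) -> True if the user agrees.
    ask_user: Callable[[str, bytes], bool]
    # Policy: "sign_anything" (possibility 1) or "protocol_or_assent" (possibility 2).
    policy: str = "protocol_or_assent"
    # Audit trail of (activity, prompted?) for each signed block.
    audit: List[Tuple[str, bool]] = field(default_factory=list)

    def _raw_sign(self, blob: bytes) -> bytes:
        # HMAC-SHA256 stands in for a real asymmetric signature; the point
        # is the gating logic, not the primitive.
        return hmac.new(self.private_key, blob, hashlib.sha256).digest()

    def sign(self, activity: str, blob: bytes) -> bytes:
        if self.policy == "sign_anything":
            # Possibility 1: the signature only proves "this laptop", never assent.
            self.audit.append((activity, False))
            return self._raw_sign(blob)

        # Possibility 2: protocol-bound blocks are signed without a prompt.
        if blob.startswith(PROTOCOL_HEADER):
            self.audit.append((activity, False))
            return self._raw_sign(blob)

        # Anything unmarked requires explicit, trusted-UI assent, so a
        # signature over such data implies the user agreed.
        if self.ask_user(activity, blob):
            self.audit.append((activity, True))
            return self._raw_sign(blob)
        raise AssentRequired(f"{activity!r} asked to sign unmarked data; user declined")

    def verify(self, blob: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self._raw_sign(blob), sig)


def demo() -> dict:
    """Run both policies over a constructed protocol block and an unmarked blob."""
    key = os.urandom(32)
    proto_block = PROTOCOL_HEADER + b"presence-announce:nick=chema"
    unmarked = b"I agree to sell my laptop"  # constructed, not a real message

    prompts = []

    def decline(activity, blob):
        prompts.append(activity)
        return False

    def accept(activity, blob):
        prompts.append(activity)
        return True

    out = {}

    # Possibility 1: both blocks signed, no prompt ever shown.
    p1 = IdentityService(key, decline, policy="sign_anything")
    p1.sign("chat", proto_block)
    p1.sign("chat", unmarked)
    out["p1_prompts"] = len(prompts)

    # Possibility 2, user declines: protocol block signed, unmarked block refused.
    p2 = IdentityService(key, decline)
    sig = p2.sign("chat", proto_block)
    out["p2_proto_ok"] = p2.verify(proto_block, sig)
    try:
        p2.sign("chat", unmarked)
        out["p2_unmarked_refused"] = False
    except AssentRequired:
        out["p2_unmarked_refused"] = True
    out["p2_prompts"] = len(prompts) - out["p1_prompts"]

    # Possibility 2, user accepts: the signature now records assent.
    p3 = IdentityService(key, accept)
    p3.sign("chat", unmarked)
    out["p3_assent_recorded"] = p3.audit[-1][1]
    return out


if __name__ == "__main__":
    print(demo())
```

The audit list makes the distinction the thread is after visible: under possibility 1 no entry ever carries a prompt flag, so a signature can never be read as the user's assent; under possibility 2 only signatures over unmarked data carry it.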