#4271 BLOC Update.: Easy mechanism for student to request developer key.

Zarro Boogs per Child bugtracker at laptop.org
Wed Nov 21 10:16:18 EST 2007


#4271: Easy mechanism for student to request developer key.
-----------------------+----------------------------------------------------
  Reporter:  cscott    |       Owner:  krstic  
      Type:  defect    |      Status:  new     
  Priority:  blocker   |   Milestone:  Update.1
 Component:  security  |     Version:          
Resolution:            |    Keywords:          
  Verified:  0         |  
-----------------------+----------------------------------------------------
Changes (by cscott):

 * cc: sj, cscott (added)


Comment:

 Replying to [comment:8 cjb]:
 > Scott has an alternate server-side-only implementation for this, which
 > would need to be talked about with SJ to be included in the stock home
 > page etc.  Either's possible and sufficient.

 To be concrete, I propose to add a short shell script to bernie's first-
 boot configuration page that looks something like this (this is not quite
 working html, just a schematic outline):
 {{{
 <html>
 <head><link rel="stylesheet" href="https://www.laptop.org/devkey.css" /></head>
 <body>
 <iframe src="https://www.laptop.org/devkey.html"></iframe>
 <form method="post" action="https://activation.laptop.org/request/devkey">
 <input type="hidden" name="sn" value="INSERT-SERIAL-HERE" />
 <input type="hidden" name="uuid" value="INSERT-UUID-HERE" />
 <input type="submit" value="Request dev key" />
 </form>
 </body>
 </html>
 }}}
 The iframe business is to allow us to write/rewrite the wording of the
 request page later, and to allow translations, possibly via browser
 language sniffing (is that implemented in Browse?).  Same thing for the
 remote .css file.  We can play those games in slightly different ways, or
 we might just decide that English Only is good enough for now.

 The first-boot script will substitute the proper SN and UUID for the
 laptop and write this page to ~olpc/.devkey.html.  The core library will
 have, at an appropriate place, a link to that
 file:///home/olpc/.devkey.html url. The server side component (which can
 be written later) will accept the request and either queue it up, or (if a
 request was previously made) report on the status of a previous dev key
 request, allowing the user to download the dev key and giving instructions
 for its installation.

 There is a risk that an attacker could masquerade as activation.laptop.org
 and intercept the SN/UUID, but I think that is an acceptable risk at the
 present.  We could have the first-boot script encrypt the UUID under an
 OLPC public key if we're worried about that attack; it wouldn't be too
 much more trouble, but I'm trying to simplify as much as possible in this
 first-draft implementation.  We could upgrade to an encrypted version
 later, with less time pressure.

-- 
Ticket URL: <http://dev.laptop.org/ticket/4271#comment:11>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
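
The first-boot substitution step described in the comment above, sketched as an added example; it is not code from the ticket or from OLPC. The function names, the accepted SN and UUID formats, and the choice to write the file with 0600 permissions are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: write the per-laptop dev key request page at first boot.
# Assumptions (not from the ticket): SN is alphanumeric, UUID is 8-4-4-4-12 hex.
LC_ALL=C; export LC_ALL   # make the [A-Za-z0-9] ranges byte-exact

# Accept only 1..32 alphanumeric characters.
valid_sn() {
    case "$1" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Accept only the 36-character 8-4-4-4-12 hex form (also rejects newlines).
valid_uuid() {
    [ "${#1}" -eq 36 ] || return 1
    case "$1" in
        *[!0-9A-Fa-f-]*) return 1 ;;
    esac
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# write_devkey_page SN UUID OUTFILE
# Refuses values that could break out of the HTML attribute, then writes
# the page through a 0600 temp file and an atomic rename.
write_devkey_page() {
    sn=$1; uuid=$2; out=$3
    valid_sn "$sn" || { echo "devkey: bad serial number" >&2; return 1; }
    valid_uuid "$uuid" || { echo "devkey: bad UUID" >&2; return 1; }
    tmp=$(mktemp "$out.XXXXXX") || return 1
    cat > "$tmp" <<EOF
<html>
<head><link rel="stylesheet" href="https://www.laptop.org/devkey.css" /></head>
<body>
<iframe src="https://www.laptop.org/devkey.html"></iframe>
<form method="post" action="https://activation.laptop.org/request/devkey">
<input type="hidden" name="sn" value="$sn" />
<input type="hidden" name="uuid" value="$uuid" />
<input type="submit" value="Request dev key" />
</form>
</body>
</html>
EOF
    mv -f "$tmp" "$out"
}
# Usage: write_devkey_page "$sn" "$uuid" /home/olpc/.devkey.html
```

Because the serial number and UUID are interpolated straight into attribute values, the script validates them first and writes nothing if either check fails.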


