#4271 BLOC Update.: Easy mechanism for student to request developer key.
Zarro Boogs per Child
bugtracker at laptop.org
Wed Nov 21 10:16:18 EST 2007
#4271: Easy mechanism for student to request developer key.
-----------------------+----------------------------------------------------
Reporter: cscott | Owner: krstic
Type: defect | Status: new
Priority: blocker | Milestone: Update.1
Component: security | Version:
Resolution: | Keywords:
Verified: 0 |
-----------------------+----------------------------------------------------
Changes (by cscott):
* cc: sj, cscott (added)
Comment:
Replying to [comment:8 cjb]:
> Scott has an alternate server-side-only implementation for this, which
> would need to be talked about with SJ to be included in the stock home
> page etc. Either's possible and sufficient.
To be concrete, I propose to add a short shell script to bernie's first-
boot configuration page that looks something like this (this is not quite
working html, just a schematic outline):
{{{
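<html>
<head><link rel="stylesheet" href="https://www.laptop.org/devkey.css"></head>
<body>
<!-- Remote wording, so the text can be rewritten or translated later -->
<iframe src="https://www.laptop.org/devkey.html"></iframe>
<form method="post" action="https://activation.laptop.org/request/devkey">
<!-- The first-boot script substitutes the real values below -->
<input type="hidden" name="sn" value="INSERT-SERIAL-HERE" />
<input type="hidden" name="uuid" value="INSERT-UUID-HERE" />
<input type="submit" value="Request dev key" />
</form>
</body>
</html>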
}}}
The iframe business is to allow us to write/rewrite the wording of the
request page later, and to allow translations, possibly via browser
language sniffing (is that implemented in Browse?). Same thing for the
remote .css file. We can play those games in slightly different ways, or
we might just decide that English Only is good enough for now.
The first-boot script will substitute the proper SN and UUID for the
laptop and write this page to ~olpc/.devkey.html. The core library will
have, at an appropriate place, a link to that
file:///home/olpc/.devkey.html url. The server side component (which can
be written later) will accept the request and either queue it up, or (if a
request was previously made) report on the status of a previous dev key
request, allowing the user to download the dev key and giving instructions
for its installation.
There is a risk that an attacker could masquerade as activation.laptop.org
and intercept the SN/UUID, but I think that is an acceptable risk at the
present. We could have the first-boot script encrypt the UUID under an
OLPC public key if we're worried about that attack; it wouldn't be too
much more trouble, but I'm trying to simplify as much as possible in this
first-draft implementation. We could upgrade to an encrypted version
later, with less time pressure.
--
Ticket URL: <http://dev.laptop.org/ticket/4271#comment:11>
One Laptop Per Child <http://dev.laptop.org>
OLPC bug tracking system
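
The encrypted variant mentioned in the comment above, as an added example that is not part of the original ticket or of OLPC's code: a first-boot helper that validates the SN and UUID, encrypts the UUID under a public key, and writes the request page without the clear-text UUID. The use of RSA-OAEP through the `openssl` CLI, the `uuid_enc` field name, the function names and the accepted SN/UUID character sets are assumptions.

```shell
#!/bin/sh
# Added example (not OLPC code). Assumptions: RSA-OAEP via the openssl CLI,
# the hypothetical form field "uuid_enc", and the SN/UUID character sets below.

# encrypt_uuid UUID PUBKEY_PEM -> single-line base64 ciphertext on stdout
encrypt_uuid() {
    printf '%s' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$2" \
            -pkeyopt rsa_padding_mode:oaep |
        openssl base64 -A
}

# write_devkey_page SN UUID PUBKEY_PEM OUTFILE
write_devkey_page() {
    sn=$1 uuid=$2 pub=$3 out=$4
    # Reject anything that could break out of the HTML attribute value.
    case $sn in ''|*[!A-Za-z0-9]*) echo "bad serial" >&2; return 1 ;; esac
    case $uuid in ''|*[!0-9A-Fa-f-]*) echo "bad uuid" >&2; return 1 ;; esac
    # The pipeline status is that of base64, so also require non-empty output.
    enc=$(encrypt_uuid "$uuid" "$pub") || return 1
    [ -n "$enc" ] || { echo "encryption failed" >&2; return 1; }
    # Write to a temporary name and rename, so a partial page is never linked.
    tmp=$out.tmp.$$
    cat > "$tmp" <<EOF || return 1
<html>
<head><link rel="stylesheet" href="https://www.laptop.org/devkey.css"></head>
<body>
<iframe src="https://www.laptop.org/devkey.html"></iframe>
<form method="post" action="https://activation.laptop.org/request/devkey">
<input type="hidden" name="sn" value="$sn" />
<input type="hidden" name="uuid_enc" value="$enc" />
<input type="submit" value="Request dev key" />
</form>
</body>
</html>
EOF
    mv "$tmp" "$out"
}
```

Only the holder of the matching private key can recover the UUID from the posted value, so a host masquerading as activation.laptop.org receives the serial number and a ciphertext rather than the UUID itself.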