#9444 NORM Not Tri: antitheft: Always send 'stolen' and 'lease' - client and server
Zarro Boogs per Child
bugtracker at laptop.org
Mon Aug 24 06:24:57 EDT 2009
#9444: antitheft: Always send 'stolen' and 'lease' - client and server
-----------------------------+----------------------------------------------
Reporter: martin.langhoff | Owner: martin.langhoff
Type: enhancement | Status: new
Priority: normal | Milestone: Not Triaged
Component: security | Version: not specified
Keywords: schoolserver | Next_action: never set
Verified: 0 | Deployment_affected:
Blockedby: | Blocking:
-----------------------------+----------------------------------------------
As dsd points out, according to
http://wiki.laptop.org/go/Theft_deterrence_protocol the OAT server should
always send a 'stolen' hash.
This is incomplete however -- a MITM will be able to just filter responses
that don't contain a lease. To avoid filtering effectively we have to send
something that looks like a lease, but is invalid.
The client side must handle gracefully invalid leases that are otherwise
part of a valid msg.
Needs to beimplemented in xs-activation && olpc-update.
--
Ticket URL: <http://dev.laptop.org/ticket/9444>
One Laptop Per Child <http://laptop.org/>
OLPC bug tracking system
More information about the Bugs
mailing list