"Chilling Effects" paper at USENIX

Carl-Daniel Hailfinger c-d.hailfinger.devel.2006 at gmx.net
Wed Apr 9 12:58:21 EDT 2008 

On 09.04.2008 05:50, Jaya Kumar wrote:
> On Tue, Apr 8, 2008 at 8:38 PM, Joshua N Pritikin <jpritikin at pobox.com> wrote:
>   
>> On Tue, Apr 08, 2008 at 10:24:34PM -0400, Benjamin M. Schwartz wrote:
>>  > A paper called "Freezing More Than Bits: Chilling Effects of the OLPC XO
>>  > Security Model" will be presented next Monday at USENIX UPSEC'08 [1].  The
>>  > author has kindly posted the paper at [2], which I discovered after Google
>>  > took me to her weblog [3].
>>
>>  This paper is depressing. Why didn't the authors step up and
>>  contribute instead of criticizing from the citadel?
>>
>>  This paper is dead on arrival.
>>     

No, the paper is dead-on.

> I think your reaction is dismissive rather than addressing the
> author's criticism.
>
> Forgive me if I'm wrong, I'm no expert, but it looks to me like the
> paper makes specific technical criticisms and seems quite detailed. I
> think it would be more positive and productive to respond to the
> technical statements made in the paper rather than to be dismissive
> and ignore what looks to some of us like valuable feedback.
>   

Some of the criticisms in the paper have been mentioned on the security@
list over a year ago. The reactions were twofold: Some were ridiculed,
others were ignored.
It seems this academic paper was the only way to get meaningful
responses. Then again, most of the comments about the paper were either
flames or otherwise dismissive instead of disproving any of the claims
made in the paper.

Anybody who has not completely read both the bitfrost spec and the
USENIX paper should shut up now. I have read the Bitfrost spec and was
one of the first persons to comment on it directly after it was
published. That's why I dismiss most of the comments on this list about
the USENIX paper - it is too obvious that commenters did not read and
understand the Bitfrost spec.

Oh, and by the way, http://wiki.laptop.org/go/OLPC_Bitfrost states "We
welcome feedback on this document, preferably to the public OLPC
security mailing list
<http://mailman.laptop.org/mailman/listinfo/security>". There is NO
point in contacting any Bitfrost author privately to point out flaws -
it would go squarely against published official OLPC policy.

Regards,
Carl-Daniel

More information about the Devel mailing list