[sugar] XO identity shared via Browse
luke at laptop.org
Thu Dec 4 21:17:06 EST 2008
On Thu, Dec 4, 2008 at 19:17, Greg Smith <gregsmitholpc at gmail.com> wrote:
> I'm copying in Devel and will drop the sugar list on further replies
> (hope that's the right netiquette in this case...).
(note: I'm not on devel, so please keep me CC'd)
> > security) who are the principals?
> > what are their goals?
> > what attacks concern us?
> GS - In general I don't want any other devices to be able to appear to
> be the XO. We can assume that the XS <-> XO is a secure network not
> visible to the outside workd (whether that is true in practice is
> another story). So I moved the encryption and stringent security
> requirements to the optional case where the XO is talking to a non-XS
I'd rather not make that assumption. Some schools may not have a _local_
school server (even dispite our best wishes) or a student may want to access
the server from a non-local connection. The XS, IMHO, should support the
"road warrior" use case (at least for post-registration)
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Devel