[sugar] XO-user's communications security needs
Jameson "Chema" Quinn
jquinn at cs.oberlin.edu
Wed Mar 26 14:03:24 EDT 2008
I see 3 meaningful possibilities:
1. P_IDENT activities can sign/unencrypt anything with the user's private key,
with no user knowledge. Thus a signature means only that communication comes
from a given laptop, and has no implication about the awareness or assent of
the user of that laptop.
2. P_IDENT only lets activities use signatures/unencryption within strictly
limited communications protocols OR with some explicit, trusted-UI agreement
from the user. The communications protocols are designed such that each
encrypted/signed block is identifiable and validated as part of that
protocol (i.e., header in every block, or only the temporary private key is
encrypted against the real private key and the OS refuses to unencrypt
temporary private keys unless they are marked as part of that protocol).
Thus a signature on, or the ability to unencrypt, data that is not marked as
part of that protocol, implies user assent.
3. There is one private key used for communications security, and another
one used for user identity verification.
Are my possibilities comprehensive? If so, which one are we aiming for?
On Wed, Mar 26, 2008 at 11:40 AM, Michael Stone <michael at laptop.org> wrote:
> Pursuant to recent discussions about P_IDENT, I've begun drafting
> principles and use cases in order to discover some of the communications
> security needs of XO-users.
> My thoughts to date (with substantial input from both Daf and
> Polychronis) are recorded, haphazardly, at
> Finally, I will be meeting briefly with Jonathan Herzog tomorrow morning
> in order to review this material. If you have the opportunity, please
> examine my thoughts, let me know what you consider to be the most
> pressing concerns either by replying to this email or on the wiki page.
> I'll do what I can to dig up convincing answers. :)
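Possibility 2 in the message above depends on every signed block carrying a header that marks it as part of a protocol, so that an unmarked signature can be read as user assent. The sketch below is an added example, not code from this thread or from OLPC: the KeyService class, the marker bytes and the block layout are assumptions, and HMAC-SHA256 stands in for the laptop's private-key signature so that it runs with only the Python standard library.

```python
import hashlib
import hmac

# Constructed domain markers; the post only calls for a "header in every block".
PROTOCOL, USER = b"\x01", b"\x02"
MAC_LEN = hashlib.sha256().digest_size


class KeyService:
    """Hypothetical OS-side key holder; activities never see the key itself."""

    def __init__(self, key: bytes):
        self._key = key

    def _seal(self, marker: bytes, name: bytes, payload: bytes) -> bytes:
        if len(name) > 255:
            raise ValueError("protocol name too long")
        # marker | name length | name | payload, so the fields parse unambiguously
        body = marker + bytes([len(name)]) + name + payload
        return body + hmac.new(self._key, body, hashlib.sha256).digest()

    def sign_for_activity(self, protocol: bytes, payload: bytes) -> bytes:
        # No user involved: the service, not the activity, chooses the marker.
        if not protocol:
            raise ValueError("protocol name required")
        return self._seal(PROTOCOL, protocol, payload)

    def sign_with_assent(self, payload: bytes, user_confirmed: bool) -> bytes:
        # user_confirmed stands for the outcome of a trusted-UI prompt.
        if not user_confirmed:
            raise PermissionError("user did not assent")
        return self._seal(USER, b"", payload)


def classify(key: bytes, block: bytes) -> str:
    """Return 'user-assent', 'protocol:<name>' or 'invalid' for a signed block."""
    if len(block) < 2 + MAC_LEN:
        return "invalid"
    body, tag = block[:-MAC_LEN], block[-MAC_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return "invalid"
    marker, name_len = body[:1], body[1]
    if len(body) < 2 + name_len:
        return "invalid"
    if marker == USER and name_len == 0:
        return "user-assent"
    if marker == PROTOCOL and name_len > 0:
        return "protocol:" + body[2:2 + name_len].decode("ascii", "replace")
    return "invalid"
```

Because the marker is covered by the signature and chosen by the key service, a payload that an activity shapes to look like a user statement still verifies only as a protocol block.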