[Server-devel] Antitheft: sending a fake stolen...

C. Scott Ananian cscott at laptop.org
Mon Aug 24 17:45:12 EDT 2009


On Mon, Aug 24, 2009 at 6:37 AM, Martin
Langhoff<martin.langhoff at gmail.com> wrote:
> A while ago, Daniel fixed a bug in my changes to olpc-update, and that
> left me with a to-do item on the xs-activation side.
>
> Reviewed the situation on the OAT proto concept of always sending a
> stolen token, with the idea that xs-activation should do what the
> protocol proposes: always send a 'stolen' element, to prevent a
> relatively simple proxy from blocking stolen msgs.
>
> The situation is a tad more complex, as a proxy could block any
> message not containing a lease.
>
> For the time being I've filed my notes in
> http://dev.laptop.org/ticket/9444 -- so this is a 'for later'.

As I wrote in http://wiki.laptop.org/go/Theft_deterrence_protocol:

"Care should be taken to ensure that these cases can not be easily
distinguished by the presence or contents of other fields in the
message."

A proxy can't tell a valid lease from an invalid lease without knowing
the UUID for every serial number, so you should probably return a
lease which is valid except for the fact that the signed string has a
randomly-chosen UUID (it can't be a fixed "bad" UUID, because that can
be easily tested.)
 --scott

-- 
                         ( http://cscott.net/ )
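
The point made in the message above, as an added example that is not part of the original post or of OLPC's code: a decoy lease signed over a random UUID cannot be told apart from a real one without the per-laptop UUID, while a decoy signed over a fixed UUID can. The message fields, the signed-string layout and the toy RSA key are assumptions made for illustration; the real lease format and signature scheme are not shown on this page.

```python
import hashlib
import uuid

# Toy RSA key built from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def _digest(serial, laptop_uuid, expiry):
    # Assumed signed string: the UUID is signed but never sent on the wire.
    signed = f"{serial}:{laptop_uuid}:{expiry}".encode()
    return int.from_bytes(hashlib.sha256(signed).digest(), "big") % N

def issue_lease(serial, laptop_uuid, expiry):
    """Server side: sign (serial, uuid, expiry); the message omits the UUID."""
    sig = pow(_digest(serial, laptop_uuid, expiry), D, N)
    return {"serial": serial, "expiry": expiry, "sig": sig}

def issue_decoy(serial, expiry, fixed_uuid=None):
    """Reply for a stolen laptop: same shape, signed over a UUID that is not the laptop's."""
    return issue_lease(serial, fixed_uuid or str(uuid.uuid4()), expiry)

def verifies(lease, candidate_uuid):
    """Public-key check; it only succeeds for the UUID that was actually signed."""
    expected = _digest(lease["serial"], candidate_uuid, lease["expiry"])
    return pow(lease["sig"], E, N) == expected

def proxy_flags_decoy(lease, known_bad_uuids):
    """What a filtering proxy can test without the per-laptop UUID table."""
    return any(verifies(lease, u) for u in known_bad_uuids)

# Constructed sample values.
SERIAL, EXPIRY = "SN-EXAMPLE-0001", "20091231T000000Z"
REAL_UUID = str(uuid.uuid4())
FIXED_BAD = "00000000-0000-0000-0000-000000000000"

good = issue_lease(SERIAL, REAL_UUID, EXPIRY)
random_decoy = issue_decoy(SERIAL, EXPIRY)
fixed_decoy = issue_decoy(SERIAL, EXPIRY, FIXED_BAD)

if __name__ == "__main__":
    print("laptop accepts good lease:   ", verifies(good, REAL_UUID))
    print("laptop accepts random decoy: ", verifies(random_decoy, REAL_UUID))
    print("proxy spots fixed decoy:     ", proxy_flags_decoy(fixed_decoy, [FIXED_BAD]))
    print("proxy spots random decoy:    ", proxy_flags_decoy(random_decoy, [FIXED_BAD]))
```

Only the laptop, which knows its own UUID, sees the random decoy fail verification; on the wire it has the same fields as the genuine lease.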


