oatslite: a small theft deterrence protocol implementation
dsd at laptop.org
Wed May 27 14:34:22 EDT 2009
2009/5/27 Martin Langhoff <martin.langhoff at gmail.com>:
> - OL works with pre-cooked leases created with the master key, so it
> is appropriate for deployments where you can push leases out to each
> XS and where you are comfortable putting the master OATC key in each
> XS. XA works with pre-cooked leases or dynamically generated delegated
> leases -- XA is designed for the local XS to have a "delegation" from
> the master key for each laptop (there are tools in bios-crypto to
> generate the delegations).
Actually the idea (and the practice, at least here) is that oatslite
runs on a central server-of-servers accessible over the internet, so
there is no need to replicate the secret key (putting it on school
servers would be a bad idea, even if we do have them in cages). This
is also why it doesn't do the port 191 stuff, that is a separate
protocol that is designed for in-school usage but this is outside of
Delegation to school servers is indeed a nicer model, once all the
pieces are ready. Looking forward to hearing about deployment
experiences with this.
> - OL never says "stolen" :-) -- XA checks on a local database table
> (controlled by Moodle) and can say "you're stolen"
It's worth noting too that there is no client side implementation of
this part of the theft deterrence protocol (yet).
> - OL is based on a python-based http server, XA is a mod_python
> handler that will eat less resident RAM (theory to be validated ;-) )
> and coexist with other webapps on the XS.
Hehe.. I also don't like the idea of having python apps with large
uptimes, am hoping to switch it to being xinetd-based, but I couldn't
see any easy way to do that without dropping usage of python's nice
http server classes.
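
The xinetd idea in the reply's last paragraph, as an added example that is not part of the original post or of oatslite's code: Python's HTTP handler classes (Python 3 `http.server` here) can be run on a connection inherited from the supervisor rather than from a long-lived server object. `LeaseHandler`, its response body and `serve_inherited` are hypothetical names, since the page does not show the real lease request format.

```python
import logging
import os
import socket
from http.server import BaseHTTPRequestHandler

log = logging.getLogger("leased")  # attach a SysLogHandler in production


class LeaseHandler(BaseHTTPRequestHandler):
    """Hypothetical handler; the real lease request format is not on the page."""
    timeout = 10  # bound the life of each spawned process if the client stalls

    def do_GET(self):
        body = b"placeholder lease response\n"  # constructed sample body
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        # The default writes to stderr, which an inetd-style supervisor may
        # have pointed at the client socket; keep log text off the wire.
        log.info(fmt, *args)


def serve_inherited(conn, handler=LeaseHandler):
    """Run the handler on an already-accepted socket, then close it."""
    try:
        peer = conn.getpeername()
    except OSError:
        peer = None
    if not isinstance(peer, tuple):  # e.g. an AF_UNIX socketpair
        peer = ("inherited", 0)
    try:
        handler(conn, peer, None)  # constructor runs setup/handle/finish
    finally:
        conn.close()


def main():
    # With "wait = no", xinetd passes the accepted connection as fd 0.
    serve_inherited(socket.socket(fileno=os.dup(0)))


if __name__ == "__main__":
    main()
```

Each connection gets a fresh process that exits after one exchange, so no Python interpreter stays resident between requests.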