[OLPC Security] Periodic identity updates
Simson Garfinkel
simsong at acm.org
Wed Feb 21 06:38:39 EST 2007
Hi, Karl. I'm very confused by the message that you had posted:
> I think so too. But I also wanted a response to the threat of
> somebody, child, parent, teacher, government functionary,
> simply transferring ownership of the XO to another child.
My understanding is that it is the governments that are OLPC's
customers, and not the 5-to-16-year-old-children. If the customer
decides that it's going to transfer ownership of an XO to another
child, that's going to happen. The XO is going to be reflashed and
given to someone else. We explicitly support this functionality. We
can't detect it, because the Customer Government is also running anti-
theft servers.
Perhaps the problem is that I'm really not sure what your role is in
OLPC. My role is that of a hired consultant who is helping Ivan work
on the security specification. My goal is to make sure that the
threats that we have identified are reasonable, and that we have
reasonable responses to these threats.
What is your role in this project and what is your goal? Are you
pursuing an ideological agenda for some theoretical role of computers
in our society, or are you actually working to improve this
particular security model for this particular project?
-Simson
More information about the Security
mailing list