[OLPC Security] Developer Key
Stephen Thorne
stephen.thorne at gmail.com
Wed Feb 21 22:41:47 EST 2007
On 2/22/07, Simson Garfinkel <simsong at acm.org> wrote:
> How do you think that the spec could be modified to make this more
> clear?
Various sections, section 8.1, 8.3, 8.19, 9.1, mention the developer
key, but the data is distributed around the place.
I suggest perhaps dealing with the issue of the developer key in its
own section, 8.19 seems to have some vital information tucked into the
end of it, and 8.1 mentions some of the concerns about it.
Perhaps a new section titled 'Developer Key' could be introduced, and
I suggest it incorperates the key elements about it:
- A developer key is unique to the laptop SN+UUID
- It is not a magic key useful for unlocking all laptops and
nullifying bitfrost.
- Using the key you can sidestep all the security and safety
protections offered by bitfrost.
- Some verbage about how a key would be issued. Is it issued by
someone in MIT, or will there be issuing authorities closer to the
children?
- a 14 day waiting period for anti-theft reasons is mentioned, I
think that should be be asserted slightly clearer.
--
Stephen Thorne
"Give me enough bandwidth and a place to sit and I will move the world."
--Jonathan Lange
More information about the Security
mailing list