[OLPC Security] Re: Periodic identity updates

Frank Ch. Eigler fche at redhat.com
Thu Feb 22 20:24:10 EST 2007


Ivan Krstić <krstic at solarsail.hcs.harvard.edu> writes:

> [...] attempting to push agendas -- in this case, threat models --
> that lie beyond the scope of the project ("how do you protect
> laptops from the government that bought them?") is not helpful and
> only wastes everyone's time.

But there are several ways in which the security design directly
relates to this.  The government personnel are part of the overall
security system.  For example ...

Who exactly can submit theft reports?  If it is abusable, can anything
be done to prevent those people from trading on that power?  Can those
reports be validated/cancelled?  How much ongoing effort is budgeted
to validate and service all the various key-related requests coming
from the millions worldwide?  Can the system be made resilient to an
attack analogous to a DoS?  Can governments force additional
un-removable black-box software onto olpc?  Can they block the
"developer key" level override?

- FChE

