[OLPC Security] Comments on the security properties of Scott's lease-delegation scheme
c-d.hailfinger.devel.2006 at gmx.net
Wed Jul 9 20:21:16 EDT 2008
On 09.07.2008 21:40, Michael Stone wrote:
> On Wed, Jul 09, 2008 at 02:09:32PM -0400, Benjamin M. Schwartz wrote:
>> I find this e-mail is vague to the point of incomprehensibility.
>> Michael Stone wrote:
>> | 1. If the attacker wishes to resell "working" laptops (rather than, say,
>> | components), then deploying this scheme may force attackers to
>> | circumvent theft-deterrence protections more quickly.
>> Vague. What do attackers have to do more quickly? Clearly reprogamming
>> the SPI flash can be done even after all the timeouts expire, so you must
>> be thinking of something else.
> Replacing the SPI flash is a means of circumventing the theft-deterrence
> protections. My claim is that the point of the scheme is to force
> attackers who wish to resell laptops running something like our software
> to employ such a circumvention.
>> | 3. The major security effects derive from rearranging and hopefully
>> | reducing the support costs of the theft-deterrence system (e.g. by
>> | exchanging the cost of providing connectivity to the OLPC GTDS for the
>> | cost of maintaining public key infrastructure) rather than as a result
>> | of any technical improvement in the security afforded by the design or
>> | the software.
>> I would say that the main security effects derive from introducing theft
>> deterrents in places without internet access. Currently, there is no
>> technical deterrent to theft in these schools.
So you both are saying that right now theft deterrence
- can be circumvented easily even without hardware modifications and
- does not even exist in some places.
That's not security, it's a disaster.
I really hope this is not the case.
More information about the Security