[OLPC Security] Comments on the security properties of Scott's lease-delegation scheme

C. Scott Ananian cscott at laptop.org
Thu Jul 10 07:15:05 EDT 2008

There is no perfect security.  All "security" is a measure of 'cost to
circumvent', and those costs are evaluated over many axes, with
different evaluation functions in different places.  Delegations are
bound to a serial number, so they do not affect security unless you
decide to employ them for a particular laptop.  There may be contexts
in which the school server cannot be trusted; don't delegate to that
school server, then.  But in some places, you can trade off greater
required school server security for the ability to issue shorter
leases, and there are "cost functions" for which this results in
improved "security".

As Martin says, theft-deterrence will always be an ongoing cat and
mouse game.  This is just the next step, which allows us to explore
corners of the tradeoff space we couldn't previously.

 ( http://cscott.net/ )

More information about the Security mailing list