[OLPC Security] Extending theft-deterrence to support delegation.

C. Scott Ananian cscott at laptop.org
Thu Jun 12 19:40:12 EDT 2008


On Thu, Jun 12, 2008 at 7:27 PM, Michael Stone <michael at laptop.org> wrote:
> It's sad that we have no good way of specifying groups
> of serial numbers or delegation to an online S/N authority. Can we do
> any better there?

I agree (this is the thrust of my response to Chema as well), but I
feel that it is likely out of scope for this release.  Again, I don't
feel like we can rely on an online authority for this release, and the
offline mechanisms seem too clumsy to work well.

As a strawman: instead of a serial number in the sig02 format, we use
an md5 hash.  This hash must be the exact hash of a separate file
listing serial numbers, one per line.  Now we just have to maintain
these files, handle the cases where we add a laptop to the file and
now have to maintain multiple copies, name them, find them on USB
keys, etc, etc.

I'd prefer to first tackle the problem I've got a good solution for,
and defer the "arbitrary sets of serial numbers" case until we can't
do without it.
 --scott

-- 
 ( http://cscott.net/ )
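
Added example, not part of the original message or of OLPC's code: a sketch of the strawman check, in which a delegation carries the md5 of a serial-number list file in place of a serial number. The function names, file names and serial numbers are constructed for illustration, and the sig02 format itself is not modelled.

```python
import hashlib


def list_digest(data: bytes) -> str:
    """md5 of the exact bytes of a serial-number list file (the strawman's hash)."""
    return hashlib.md5(data).hexdigest()


def parse_serials(data: bytes) -> set:
    """One serial number per line; blank lines are ignored."""
    return {ln.strip() for ln in data.decode("ascii").splitlines() if ln.strip()}


def serial_covered(delegated_hash: str, serial: str, candidates: dict):
    """Return the name of the candidate file that the delegation commits to
    (exact hash match) if it lists `serial`; otherwise return None."""
    wanted = delegated_hash.lower()
    for name, data in sorted(candidates.items()):
        if list_digest(data) != wanted:
            continue  # not the file this delegation was issued for
        return name if serial in parse_serials(data) else None
    return None  # no copy of the right list was found, e.g. on the USB key


# Constructed sample data: a list file before and after one laptop is added.
SCHOOL_V1 = b"TEST0000001\nTEST0000002\n"
SCHOOL_V2 = SCHOOL_V1 + b"TEST0000003\n"
DELEGATION_V1 = list_digest(SCHOOL_V1)  # hash placed in the old delegation
DELEGATION_V2 = list_digest(SCHOOL_V2)  # adding a laptop needs a new one
USB_KEY = {"school-v1.txt": SCHOOL_V1, "school-v2.txt": SCHOOL_V2}

if __name__ == "__main__":
    for deleg, sn in [(DELEGATION_V1, "TEST0000001"),
                      (DELEGATION_V1, "TEST0000003"),
                      (DELEGATION_V2, "TEST0000003")]:
        print(deleg[:8], sn, "->", serial_covered(deleg, sn, USB_KEY))
```

Because the hash is over the exact file bytes, both versions of the list have to be kept as long as delegations for either are in use, which is the maintenance burden the message describes.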

