[OLPC Security] Extending theft-deterrence to support delegation.
C. Scott Ananian
cscott at laptop.org
Thu Jun 12 19:40:12 EDT 2008
On Thu, Jun 12, 2008 at 7:27 PM, Michael Stone <michael at laptop.org> wrote:
> It's sad that we have no good way to specify groups
> of serial numbers or delegation to an online S/N authority. Can we do
> any better there?

I agree (this is the thrust of my response to Chema as well), but I
feel that it is likely out of scope for this release. Again, I don't
feel like we can rely on an online authority for this release, and the
offline mechanisms seem too clumsy to work well.

As a strawman: instead of a serial number in the sig02 format, we use
an md5 hash. This hash must be the exact hash of a separate file
listing serial numbers, one per line. Now we just have to maintain
these files, handle the cases where we add a laptop to the file and
now have to maintain multiple copies, name them, find them on USB
keys, etc, etc.

I'd prefer to first tackle the problem I've got a good solution for,
and defer the "arbitrary sets of serial numbers" case until we can't
do without it.

--scott
--
( http://cscott.net/ )
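
The strawman from the message above, sketched as an added example (not code from the original post or from OLPC): a signed digest stands in for a serial number, and a laptop is accepted only if a list file hashing to exactly that digest names its serial. The function names and serial numbers are constructed for illustration, and the sig02 format itself is not modelled.

```python
import hashlib

def list_digest(list_bytes: bytes) -> str:
    """Hex digest of the serial-list file, byte for byte.

    MD5 is what the post proposes; MD5 collisions are practical, so a
    real design would substitute a stronger digest here.
    """
    return hashlib.md5(list_bytes).hexdigest()

def serial_authorized(serial: str, signed_digest: str, list_bytes: bytes) -> bool:
    """True only if the file matches the signed digest AND lists the serial."""
    if list_digest(list_bytes) != signed_digest.lower():
        return False  # stale, re-encoded or modified list: reject outright
    lines = list_bytes.decode("ascii", "replace").splitlines()
    serials = {line.strip() for line in lines if line.strip()}
    return serial in serials

def find_list(signed_digest: str, candidates: dict) -> "str | None":
    """Pick the list file by content, not by name (the 'find them on USB
    keys' problem): return the name of the first candidate that matches."""
    for name, data in candidates.items():
        if list_digest(data) == signed_digest.lower():
            return name
    return None

# Constructed sample data (not real OLPC serial numbers).
LIST_V1 = b"TEST0000001\nTEST0000002\n"
LIST_V2 = LIST_V1 + b"TEST0000003\n"    # one laptop added later
SIGNED = list_digest(LIST_V1)            # digest carried in the signed blob

if __name__ == "__main__":
    print(serial_authorized("TEST0000001", SIGNED, LIST_V1))  # listed, file matches
    print(serial_authorized("TEST0000003", SIGNED, LIST_V2))  # file changed after signing
    print(find_list(SIGNED, {"new.txt": LIST_V2, "old.txt": LIST_V1}))
```

Because the digest covers the exact bytes, adding one laptop or even converting line endings yields a different file as far as the signature is concerned, which is the multiple-copies maintenance burden the message describes.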