[OLPC Security] Extending theft-deterrence to support delegation.

Jameson "Chema" Quinn jquinn at cs.oberlin.edu
Fri Jun 13 11:33:56 EDT 2008 

A somewhat-less strawman, to see if it sparks anyone's interest. I feel it
is not worth it.

Each link in the signature chain looks like:
hashname_1 key-or-keyid_1 expiration_1 old_gid new_gid
sig(hash(next_keyid:old_gid:new_gid:expiration_time))

confirmation goes something like this (I know you do it in C, but python is
easier for pseudocode):

valid_gids = ["sn-"+serial_number]
for hashname,keyid,expiration,old_gid,new_gid in signature_chain:
     if old_gid in valid_gids:
          valid_gids = valid_gids[:valid_gids.index(old_gid)]
          if new_gid != valid_gids[-1]:
              valid_gids += [new_gid]
     else:
          return invalid
....confirm signature itself....

In other words, at the beginning the valid gid is serial_number; old_gid
truncates the list of valid gids; and new_gid can extend it.

All gids could be restricted to a certain definite length.

Thus the top level signature could as-sign an xo to a certain group, and
lower level signatures could address it either as part of that group or
individually. The full signature chain would still be valid only for a given
serial number, but some links might be valid for whole groups. In theory, an
XO could keep track of its own front part (group assignments) so that it
could accept just the common tail part of a validation. Of course, unless
you could trust the root user to NEVER delete that front part by mistake,
you would have to keep a backup of each individual group assignment chain,
and so you'd lose all the advantages of this system. Also, for short
signature chains, the benefits of group assignment are small, since the
chain MUST start with a serial number and, to provide any theft deterrence,
SHOULD end with a serial number.

So IF we could trust the xos to keep their own signature chains, and IF most
signature chains were at least 3 links long, and IF there was little cost in
adding extra links in the chain just for group assignment, THEN this system
would provide marginal "benefits" in reducing the need for local school
servers to store separate validation signature chains for each of its client
XOs. Meh.

On Fri, Jun 13, 2008 at 7:52 AM, C. Scott Ananian <cscott at laptop.org> wrote:

> On Fri, Jun 13, 2008 at 5:46 AM, Morgan Collett
> <morgan.collett at gmail.com> wrote:
> > By md5, you meant sha-256, right? :)
>
> I did say it was a strawman. ;-)
>  --scott
>
> --
>  ( http://cscott.net/ )
> _______________________________________________
> Security mailing list
> Security at lists.laptop.org
> http://lists.laptop.org/listinfo/security
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.laptop.org/pipermail/security/attachments/20080613/40477d16/attachment.htm

More information about the Security mailing list