[Server-devel] A simple signed bundle/directory trust scheme for the XS
Jerry Vonau
jvonau at shaw.ca
Tue Aug 12 12:29:45 EDT 2008
Martin Langhoff wrote:
> On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone <michael at laptop.org> wrote:
>> * What use cases are you trying to support?
>
> Insert a usb stick with content that is OK'd by the regional NOC
> (network operations centre) for execution/installation on the XS.
>
>> * What threats obstruct supporting those use cases?
>
> Content could be modified on the way to insert evil sharks with
> frikking lasers into the XS.
>
>> * What trust structure are you trying to create and how does it
>> mitigate the threats while permitting the use cases?
>
> As I've written, we trust keys put in place at install time. Install
> time is privileged, root user is privileged.
>
>> * What algorithms are you going to use and why?
>
> Whatever GPG uses for signatures, SHA1 for file integrity because I'd
> be an idiot to try and be smarter than crypto researchers.
>
>> * What security properties are you trying to check?
>
> Signed by the NOC, not changed.
>
Why not encrypt the partition on the usb-stick? Not too sure what all
that would involve, just some food for thought.
Jerry
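
The "signed by the NOC, not changed" check from the quoted scheme, as an added example that is not code from this thread or from the XS project. It assumes the manifest's GPG signature has already been verified against the keys put in place at install time; the sha1sum-style manifest layout, the MANIFEST file name and all function names are assumptions.

```python
import hashlib
import os
import tempfile

def parse_manifest(text):
    """'<hex digest>  <relative path>' lines (sha1sum style) -> {path: digest}."""
    pairs = (line.split(None, 1) for line in text.splitlines() if line.strip())
    return {path.strip(): digest.lower() for digest, path in pairs}

def file_digest(path, algo):
    with open(path, "rb") as f:
        return hashlib.new(algo, f.read()).hexdigest()

def verify_bundle(root, manifest_text, algo="sha1", manifest_name="MANIFEST"):
    """Compare a tree with its manifest; every list empty means 'not changed'."""
    root = os.path.realpath(root)
    expected = parse_manifest(manifest_text)
    report = {"unsafe": [], "missing": [], "modified": [], "unlisted": []}
    for rel, digest in sorted(expected.items()):
        full = os.path.realpath(os.path.join(root, rel))
        if os.path.commonpath([root, full]) != root:
            report["unsafe"].append(rel)        # absolute path, '..' or symlink escape
        elif not os.path.isfile(full):
            report["missing"].append(rel)
        elif file_digest(full, algo) != digest:
            report["modified"].append(rel)
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            rel = os.path.relpath(os.path.join(dirpath, name), root)
            if rel not in expected and rel != manifest_name:
                report["unlisted"].append(rel)  # file added after the manifest was made
    report["unlisted"].sort()
    return report

def demo():
    """Constructed sample bundle, checked before and after tampering."""
    with tempfile.TemporaryDirectory() as root:
        files = {"install.sh": b"echo ok\n", "content.txt": b"lesson 1\n"}
        for name, data in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        manifest = "".join(f"{hashlib.sha1(d).hexdigest()}  {n}\n" for n, d in files.items())
        before = verify_bundle(root, manifest)
        with open(os.path.join(root, "install.sh"), "ab") as f:
            f.write(b"echo sharks\n")                        # modified in transit
        open(os.path.join(root, "extra.sh"), "wb").close()   # added in transit
        os.remove(os.path.join(root, "content.txt"))         # removed in transit
        after = verify_bundle(root, manifest + "0" * 40 + "  ../outside\n")
        return before, after
```

The `algo` parameter defaults to the SHA1 named in the thread and accepts any name `hashlib.new` supports, such as `sha256`. Nothing from the bundle should be executed or installed unless every list in the report is empty.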