Hi,

On Thursday 17 May 2007 04:04, Ivan Krstić wrote:
> Hal Murray wrote:
> > That feels like the tip of a security iceberg.  Somebody has to be able
> > to authorize access to data on the server without the appropriate key,
> > including getting the key.
> > I don't think that's anything new from the computer security standpoint. 
> > You have to trust your sysadmin.  The interesting part for OLPC will be
> > bringing the local sysadmins up to speed on security.

I agree.

> Correct. I explained this to people in today's security meeting: the
> school server maintains a UUID <-> child identity mapping. Backups are
> identified as belonging to a particular UUID. A teacher can log into the
> school server and use a graphical interface to reassign existing backups
> for a particular UUID to another UUID by modifying the mapping. This
> covers laptop destruction or exchange for any reason.

Yup. But it would also be nice, if the pupils can ask the server for their 
backups, without going via the teacher. For that, an access key on the laptop 
would be needed. (So that it's not possible to request someone else's backup.)

In case the laptop breaks or is stolen, the backup should be accessible via 
the teacher. (And a new laptop key needs to be generated.)

So IMHO the backup has to be stored encrypted twice: once with a school key, 
and once with a laptop key (kids key). And it would surely be nice, if the 
laptop key survives reflashing the laptop.

> Once the kids are old enough that they're worried about the teacher
> using a spare XO to invade their privacy,

I don't think the teachers are the (biggest) security threat here. Random 
strangers on the other side of the street are more worrisome IMHO. (As we all 
know, strangers with candy... ;-)

> For more details, see P_DOCUMENT_BACKUP and P_PASSWORD in
> http://wiki.laptop.org/go/OLPC_Bitfrost .

Neither P_DOCUMENT_BACKUP nor P_PASSWORD seems complete to me. Also it says 
that http://wiki.laptop.org/go/Bitfrost is the authoritative version, which is 
much less specific. Is there a process to finalize the document and make it 
binding?

I joined the security list today.


regards,
        Holger


_______________________________________________
Devel mailing list
Devel@laptop.org
http://mailman.laptop.org/mailman/listinfo/devel
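The access model discussed in this message, sketched as an added example (not part of the original mail and not OLPC or Bitfrost code): backups are filed under a laptop UUID, a pupil's laptop proves possession of its access key through a one-time HMAC challenge, and the teacher path moves backups to a replacement laptop while revoking the old key. The class and method names, the key sizes and the HMAC-SHA256 challenge are assumptions; teacher login and the encryption of the backups themselves are not modelled.

```python
import hashlib
import hmac
import secrets


def laptop_proof(key, nonce):
    """Laptop side: prove possession of the access key without sending it."""
    return hmac.new(key, nonce, hashlib.sha256).digest()


class SchoolServer:
    def __init__(self):
        self.owner = {}    # UUID -> child identity (the mapping from the thread)
        self.keys = {}     # UUID -> laptop access key (assumed issued at enrolment)
        self.backups = {}  # UUID -> backup blobs filed under that UUID
        self.pending = {}  # UUID -> outstanding one-time challenge

    def enroll(self, uuid, child):
        self.owner[uuid] = child
        self.keys[uuid] = secrets.token_bytes(32)
        self.backups.setdefault(uuid, [])
        return self.keys[uuid]  # stored on the laptop

    def challenge(self, uuid):
        self.pending[uuid] = secrets.token_bytes(16)
        return self.pending[uuid]

    def fetch(self, uuid, proof):
        """Pupil path: return backups only for a valid, fresh proof."""
        nonce = self.pending.pop(uuid, None)  # single use, so replays fail
        key = self.keys.get(uuid)
        if nonce is None or key is None:
            return None
        if not hmac.compare_digest(laptop_proof(key, nonce), proof):
            return None
        return list(self.backups[uuid])

    def teacher_reassign(self, old_uuid, new_uuid):
        """Teacher path (teacher login not modelled): move backups to a
        replacement laptop, revoke the old key, generate a new one."""
        child = self.owner.pop(old_uuid)
        self.keys.pop(old_uuid, None)
        self.pending.pop(old_uuid, None)
        new_key = self.enroll(new_uuid, child)
        self.backups[new_uuid].extend(self.backups.pop(old_uuid, []))
        return new_key
```

Because the old UUID's key is deleted on reassignment, a stolen laptop that still holds it can no longer fetch the backups.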