Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-13 Thread Martin Langhoff
On Thu, Aug 14, 2008 at 7:47 AM, Tom Mitchell <[EMAIL PROTECTED]> wrote: > On Tue, Aug 12, 2008 at 9:29 AM, Jerry Vonau <[EMAIL PROTECTED]> wrote: >> Why not encrypt the partition on the usb-stick? Not too sure what all >> that would involve, just some food for thought. > > Caution, strong encrypt

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-13 Thread Tom Mitchell
On Tue, Aug 12, 2008 at 9:29 AM, Jerry Vonau <[EMAIL PROTECTED]> wrote: > Martin Langhoff wrote: >> On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone <[EMAIL PROTECTED]> wrote: >>> * What use cases are you trying to support? >> >> Insert a usb stick with content that is OK'd by the regional NOC >> (n

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-12 Thread Jerry Vonau
Martin Langhoff wrote: > On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone <[EMAIL PROTECTED]> wrote: >> * What use cases are you trying to support? > > Insert a usb stick with content that is OK'd by the regional NOC > (network operations centre) for execution/installation on the XS. > >> * What

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-11 Thread Martin Langhoff
On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone <[EMAIL PROTECTED]> wrote: > If you want to go the route of 'signed content lives in directories', > then please examine the programs in olpc-contents >http://wiki.laptop.org/go/Olpc-contents > and let us know in what way they can be improved befor

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-11 Thread Martin Langhoff
On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone <[EMAIL PROTECTED]> wrote: > If you're more interested 'signed content lives in archives', then > JAR-signing might be for you! JARs look good but there don't seem to be decent cli tools to deal with them (can fastjar sign and check sigs in packages?)

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-11 Thread Martin Langhoff
On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone <[EMAIL PROTECTED]> wrote: > * What use cases are you trying to support? Insert a usb stick with content that is OK'd by the regional NOC (network operations centre) for execution/installation on the XS. > * What threats obstruct supporting those

Re: [Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-11 Thread Michael Stone
Martin, Thanks for your note. Unfortunately, it left me with more questions than with answers. Some questions include: * What use cases are you trying to support? * What threats obstruct supporting those use cases? * What trust structure are you trying to create and how does it mi

[Server-devel] A simple signed bundle/directory trust scheme for the XS

2008-08-10 Thread Martin Langhoff
The XS now has a few new packages that allow it to auto-install certain types of content (XO installation builds, for starters) from USB keys. This means that I have to address validating that such content comes from a trusted source. So I am setting up a simple and straightforward authentication