On Wed, Jul 09, 2008 at 02:09:32PM -0400, Benjamin M. Schwartz wrote:
> I find this e-mail is vague to the point of incomprehensibility.
>
> Michael Stone wrote:
> | 1. If the attacker wishes to resell "working" laptops (rather than, say,
> | components), then deploying this scheme may force attackers to
> | circumvent theft-deterrence protections more quickly.
>
> Vague. What do attackers have to do more quickly? Clearly reprogramming
> the SPI flash can be done even after all the timeouts expire, so you must
> be thinking of something else.

Replacing the SPI flash is a means of circumventing the theft-deterrence protections. My claim is that the point of the scheme is to force attackers who wish to resell laptops running something like our software to employ such a circumvention.

> | 2. As more trust is placed in local infrastructure, it becomes easier to
> | circumvent theft-deterrence protections.
>
> In places without an internet uplink, there is presently no
> theft-deterrence protection to circumvent. This would introduce some.

False. Leases can be delivered by any means capable of conveying bits; in particular USB courier.

> Schools with internet access need not alter their operations at all.

Perhaps. In the presence of delegation, can attacks on a school server at one school lower the cost of stealing laptops from another source?

> | 3. The major security effects derive from rearranging and hopefully
> | reducing the support costs of the theft-deterrence system (e.g. by
> | exchanging the cost of providing connectivity to the OLPC GTDS for the
> | cost of maintaining public key infrastructure) rather than as a result
> | of any technical improvement in the security afforded by the design or
> | the software.
>
> I would say that the main security effects derive from introducing theft
> deterrents in places without internet access. Currently, there is no
> technical deterrent to theft in these schools.

As described above, regular internet access is not necessary for deploying passive-kill. It is necessary for deploying active-kill. It permits you to issue leases with shorter lifetimes which, it is argued, will raise the cost of selling stolen laptops (and hence deter laptop theft.)

> Calling this an exchange of connectivity for PKI is bizarre. There is
> only an "exchange" if schools that would have had internet access will be
> denied it as a result of this infrastructure. From my contact with
> deployment teams, that seems tremendously unlikely.

I believe that would be an exchange of benefits. I was talking about a simple change in the nature of the kind (and hopefully scale) of costs that must be paid off in order to deploy a theft deterrence system with short leases.

Michael

