Martin Langhoff wrote: > On Tue, Aug 12, 2008 at 2:24 AM, Michael Stone <[EMAIL PROTECTED]> wrote: >> * What use cases are you trying to support? > > Insert a usb stick with content that is OK'd by the regional NOC > (network operations centre) for execution/installation on the XS. > >> * What threats obstruct supporting those use cases? > > Content could be modified on the way to insert evil sharks with > frikking lasers into the XS. > >> * What trust structure are you trying to create and how does it >> mitigate the threats while permitting the use cases? > > As I've written, we trust keys put in place at install time. Install > time is privileged, root user is privileged. > >> * What algorithms are you going to use and why? > > Whatever GPG uses for signatures, SHA1 for file integrity because I'd > be an idiot to try and be smarter than crypto researchers. > >> * What security >> properties are you trying to check? > > Signed by the NOC, not changed. >
Why not encrypt the partition on the usb-stick? Not too sure what all that would involve, just some food for thought. Jerry _______________________________________________ Server-devel mailing list [email protected] http://lists.laptop.org/listinfo/server-devel
