-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/07/12 20:43, Bjarni Rúnar Einarsson wrote: > == Scenario Three: Prepackaged Domain/SSL/PageKite == > > A variation on the above two, where instead of the user registering > their own domain and SSL certificate, both are provided > preconfigured on the FreedomBox itself by the distributor. A > PageKite account could be included/preconfigured as well. > > Pros: A "plug and play" solution, especially if PageKite is > included. Compatible with the public web. > > Cons: Requires the user have a public IP. The FreedomBox > distributor becomes a "single point of attack" as they have a > central list of which domain belongs to which user. The > distributor is also in a position which allows them to issue new > certs and MITM attack users without their knowledge.
These cons are all solvable. The box's installation wizard can guide the user through choosing a PageKite subdomain, entering payment details, generating an SSL cert and submitting it to StartSSL. The user doesn't need a static IP. The hardware distributor doesn't need to know which PageKite subdomain the user chooses, and doesn't need to generate or sign certs. A power user might want to choose a different PageKite provider or certificate authority - there's no reason the software shouldn't support that. Of course, a malicious hardware distributor could insert backdoors in the software to defeat the "separation of powers", but all the proposed solutions are vulnerable to backdoors. Users will either have to trust the distributors or collectively audit the boxes. Cheers, Michael -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQEcBAEBAgAGBQJP+f0MAAoJEBEET9GfxSfM0voIAIf29JgusZqYkbVaMj/X+SHT JG2gC7VACAK2XWeyYQ+on/95gxYKjCW+Knf1Vk4BTWAgnOqSc0WQp6RNtUcRL867 zHS6IrjFtOmCF72dSmivGOvsHjyV+rqutrU9j5/pE1NnVdHkYpIqka413a7dIsNS fbjE60BnZEFZDz4HK+wqSE/wzcPZnHlZr2CvYzTLEKRLMC78X811TJrxBwZTEh7R Cccif6bC38XjjK1jkJ22FrgBky62UCFGSz0rlTgU1Q28n1ZeXwATezD6XD55jAAS 8JGQ869SE0PFAbTPA+lILbjTzcGZwgqmbgFmHUTX8mWL6AE6hjUNkqfi2nQyX04= =8y3p -----END PGP SIGNATURE----- _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
