[Sugar-devel] Auto-authentication for Browse -

Simon Schampijer simon at schampijer.de
Thu Feb 12 05:16:22 EST 2009

Previous message: [Sugar-devel] Auto-authentication for Browse -
Next message: [Sugar-devel] [IAEP] activites known not to either work at all or not on certin platforms
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Martin Langhoff wrote:
> On Wed, Feb 11, 2009 at 11:18 PM, Martin Langhoff
> <martin.langhoff at gmail.com> wrote:
>> On Wed, Feb 11, 2009 at 10:25 PM, Andrés Ambrois
>>> I might be missing something, but you're storing the laptop serial number
>>> instead of the pubkey inside the cookie (unless /ofw/mfg-data/SN doesnt
>>> stores a pubkey), which was the original plan C.
>> Good point. I didn't refer back to the spec. I think SN and the pubkey
>> are roughly equal in this situation
>>
>>  - the XS has both
>>  - if a 3rd party sniffs the cookie from the ether... is either of
>> them more damaging than the other?
> 
> Having slept on this, I think it's better to use a hash of the pubkey.
> The SN known by other XOs without sniffing, as all the XMPP traffic
> has it as your username/jid.

Right and the SN is XO specific - thought we want to use this mechanism 
as well in non XO land.

Will look at the new patch now,
    Simon

Previous message: [Sugar-devel] Auto-authentication for Browse -
Next message: [Sugar-devel] [IAEP] activites known not to either work at all or not on certin platforms
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Sugar-devel mailing list