[Freedombox-discuss] FreedomBox/Unhosted/PageKite for Access Innovation Prize 2012

Michael Rogers michael at briarproject.org
Sun Jul 8 21:35:08 UTC 2012



On 08/07/12 20:43, Bjarni Rúnar Einarsson wrote:
> == Scenario Three: Prepackaged Domain/SSL/PageKite ==
> 
> A variation on the above two, where instead of the user registering
> their own domain and SSL certificate, both are provided 
> preconfigured on the FreedomBox itself by the distributor.  A 
> PageKite account could be included/preconfigured as well.
> 
> Pros: A "plug and play" solution, especially if PageKite is 
> included. Compatible with the public web.
> 
> Cons: Requires the user have a public IP.  The FreedomBox 
> distributor becomes a "single point of attack" as they have a 
> central list of which domain belongs to which user.  The 
> distributor is also in a position which allows them to issue new 
> certs and MITM attack users without their knowledge.

These cons are all solvable. The box's installation wizard can guide
the user through choosing a PageKite subdomain, entering payment
details, generating an SSL cert and submitting it to StartSSL. The
user doesn't need a static IP. The hardware distributor doesn't need
to know which PageKite subdomain the user chooses, and doesn't need to
generate or sign certs.

A power user might want to choose a different PageKite provider or
certificate authority - there's no reason the software shouldn't
support that.

Of course, a malicious hardware distributor could insert backdoors in
the software to defeat the "separation of powers", but all the
proposed solutions are vulnerable to backdoors. Users will either have
to trust the distributors or collectively audit the boxes.

Cheers,
Michael


