[Freedombox-discuss] [Freedom Box] Finding your FB box on the network

Jonas Smedegaard dr at jones.dk
Thu Oct 14 15:38:15 UTC 2010


On Thu, Oct 14, 2010 at 04:45:09PM +0200, Christian Brædstrup wrote:
>2010/10/14 Jonas Smedegaard <dr at jones.dk>
>
>> If security is a concern (and it is!), then we need some way of 
>> establishing a secure connection between the FreedomBox and its user.
>>
>....
>>
>
>> My favorite would be that the security token was a WebID, i.e. a 
>> client-side SSL certificate (with some extra hints added to act as a 
>> semantic web user id too).  The tough part of this is to follow the 
>> documentation on generating a WebID correctly - and make it work inside 
>> an install routine.  It should be pretty easy to then restrict web 
>> interfaces to only use SSL and only accept communication with those 
>> in possession of that WebID.
>>
>
>I couldn't agree more.  Security both on the system but also during the 
>install process is VERY important. I have also thought about it but 
>didn't consider the WebID solution. I think that there might be a 
>problem with non-tech users who don't know what WebID is and don't know 
>how to set it up.


I believe it is *not* complex for the user.  Imagine this web page:


Your FreedomBox is now in (re)install mode.

Click on the yellow button below to replace your current WebID with a 
new one.  Please note that this will *not* re-encrypt data previously 
secured by an older WebID, so keep your old WebIDs around if you want to 
access old data.

Click on the big red button below to delete, erase and wipe all data, 
and generate a fresh unique pair of encryption keys - a.k.a. your WebID. 
The secret key is kept on the FreedomBox and the public part you should 
install into your web browser when it pops up here after a short moment.

If you already know what domain this FreedomBox should be tied to, and 
what you want as a nickname on this domain, then fill in the line below. 
Else don't worry - you can regenerate your WebID later from this page.



The second section about a yellow button obviously only shows if in fact 
there is a WebID stored on the FreedomBox already.

Similarly, the wording could probably be phrased in a less scary way when 
the FreedomBox recognizes that this is an initial install (i.e. no data 
exist on the box already).


>A solution could be to have a system like the Live-CD web builder that 
>Debian has. The user builds a custom live image with the packages he 
>wants and gets a custom password to access the installer's web interface 
>(that is hardcoded into the install system somehow). The solution has 
>one big downside. There needs to be a build server somewhere to produce 
>the ISOs. Having the scripts at hand and caching the packages can 
>reduce the strain on the CPU and the connection, but the server still 
>has to run. Perhaps we could get in on the existing Debian live build 
>server when the project matures. One of the advantages of having a 
>custom build system is that users with low bandwidth can download the 
>ISOs at work or school and don't need an internet connection at home to 
>install all the packages they want. But I think that solution is a bit 
>into the future and for now a simple system will work just fine. I also see 
>it as being a bit clumsy, but it would require the user to know the 
>password to get access to the install web interface and that would add a 
>good layer of security. This solution could of course be just one way 
>to provide security. Then the user can select his preferred way of 
>authentication on the web install login page.
>
>Hope you could follow along on my rant. The solution would be technically 
>difficult to implement (just like the WebID) and I agree with Jonas 
>that it is a project for the future, but an important one.

I believe I followed your description.  And I'm pretty sure that I dislike 
what I read, unfortunately... :-(

Compilation is too complex a task to involve the user in.  Externalizing 
that task does absolutely no good for security, and defeats the purpose 
of decentralization IMO.

Oh, and compiling unique code is bad for security, so should be limited 
as much as possible, say, to compiling a digital certificate like WebID 
;-)


  - Jonas

-- 
  * Jonas Smedegaard - idealist & Internet-arkitekt
  * Tlf.: +45 40843136  Website: http://dr.jones.dk/

  [x] quote me freely  [ ] ask before reusing  [ ] keep private
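The mechanism Jonas sketches above (the box keeps one enrolled WebID certificate, the web interface is SSL-only and only answers a client presenting that certificate) can be shown end to end with mutual TLS. The block below is an added example, not code from the thread or from the FreedomBox project. It assumes the `openssl` command-line tool is installed for key generation, and it stands in for the browser with a Python client that has the box's own certificate pinned and the enrolled WebID key pair loaded; the names `freedombox.local`, `alice` and `mallory` are constructed for the scenario. A client with the enrolled certificate is let in; a client with no certificate, or with some other self-signed certificate, is refused during the handshake, before a single HTTP request is parsed.

```python
"""Added example: gating a web interface behind a WebID-style client certificate
with mutual TLS, using the Python standard library plus the openssl CLI."""
import os
import socket
import ssl
import subprocess
import tempfile
import threading


def make_self_signed(workdir, name, cn):
    """Generate an RSA key pair and a self-signed certificate with the openssl
    CLI (assumed to be installed). Returns (key_path, cert_path)."""
    key = os.path.join(workdir, name + ".key")
    crt = os.path.join(workdir, name + ".crt")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-sha256",
         "-days", "365", "-subj", "/CN=" + cn, "-keyout", key, "-out", crt],
        check=True, capture_output=True)
    return key, crt


def box_context(box_key, box_crt, trusted_webid_crt):
    """Box side: present the box certificate and demand a client certificate that
    verifies against the single enrolled WebID certificate (used as trust anchor)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(box_crt, box_key)
    ctx.verify_mode = ssl.CERT_REQUIRED          # no certificate, no handshake
    ctx.load_verify_locations(cafile=trusted_webid_crt)
    return ctx


def browser_context(box_crt, webid_key=None, webid_crt=None):
    """Browser side: pin the box certificate obtained at install time (so no DNS
    name check is needed) and optionally present the WebID key pair."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False                   # identity is the pinned cert itself
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile=box_crt)
    if webid_crt:
        ctx.load_cert_chain(webid_crt, webid_key)
    return ctx


def attempt_login(server_ctx, client_ctx):
    """Run one handshake over an in-process socket pair. Returns the commonName
    the box accepted, or None when the client was refused."""
    srv_sock, cli_sock = socket.socketpair()
    accepted = []

    def box_side():
        try:
            tls = server_ctx.wrap_socket(srv_sock, server_side=True)
        except OSError:                          # missing or untrusted client cert
            accepted.append(None)
            return
        with tls:
            subject = dict(pair[0] for pair in tls.getpeercert()["subject"])
            accepted.append(subject["commonName"])
            tls.sendall(b"HTTP/1.0 200 OK\r\n\r\nwelcome\n")

    worker = threading.Thread(target=box_side)
    worker.start()
    try:
        with client_ctx.wrap_socket(cli_sock) as tls:
            tls.sendall(b"GET / HTTP/1.0\r\n\r\n")
            tls.recv(64)                         # under TLS 1.3 a refusal surfaces here
    except OSError:
        pass                                     # refused: alert or closed socket
    worker.join()
    return accepted[0]


def demo():
    """Constructed scenario: one WebID (alice) is enrolled on the box; three
    clients try to reach the web interface."""
    with tempfile.TemporaryDirectory() as work:
        box_key, box_crt = make_self_signed(work, "box", "freedombox.local")
        alice_key, alice_crt = make_self_signed(work, "alice", "alice")        # enrolled
        mallory_key, mallory_crt = make_self_signed(work, "mallory", "mallory")  # not enrolled
        server = box_context(box_key, box_crt, alice_crt)
        return {
            "with_webid": attempt_login(server, browser_context(box_crt, alice_key, alice_crt)),
            "no_cert": attempt_login(server, browser_context(box_crt)),
            "other_cert": attempt_login(server, browser_context(box_crt, mallory_key, mallory_crt)),
        }


if __name__ == "__main__":
    print(demo())   # {'with_webid': 'alice', 'no_cert': None, 'other_cert': None}
```

The design point is that trust is pinned in both directions: the box trusts exactly the certificate it enrolled, and the browser trusts exactly the box certificate handed over during install, so neither side depends on a public CA or on DNS. Rotating the WebID (the "yellow button" above) then amounts to replacing the file passed as `trusted_webid_crt` and re-importing the new key pair into the browser.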
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/freedombox-discuss/attachments/20101014/ca2d2518/attachment.pgp>

