[Freedombox-discuss] FBX Setup with Debconf Web-Frontend: Difficult
kent
kent at songbird.com
Wed Jan 11 07:12:44 UTC 2012
Nick,
The second case (hardwired/script) approach only has to get to the
point of the user being able to run a browser that connects over the
hardwired link, which I think would be a very minimal script. Once a
browser was connected configuration would proceed as described for the
wireless case. So I think the obvious thing is to go with the hardwired
approach.
It might be possible to provide some method of getting the FB to
configure over wireless as a fallback, if that was really all that was
available.
Kent
On Tue, 10 Jan 2012 21:55:18 -0600, Nick Daly wrote:
[...]
>
> There are a couple approaches we could take to the setup process,
> each
> with advantages and problems:
>
> - - The user connects to the DreamPlug's wireless network and a
> specific
> one-time install URL.
>
> That's simple, but not very secure, and doesn't make future
> administration simpler.
>
> - - The user starts an install script on their primary machine which
> walks them through the install process.
>
> That's more complicated, however, it means we can automate a fair
> number of things (even the initial connection to the wireless
> network
> to exchange keys). This means future administration becomes easier
> and more secure.
>
> If you're configuring over wireless, the initial connection (at least
> the key exchange) will be insecure. Ethernet-based configuration
> would
> be preferred, if more difficult. Am I shooting too low, not giving
> users enough credit? Are we (should we be) aiming for community
> gurus
> who can set up federated servers for their communities, or end-users
> who
> would set up a server directly?
>
> I'm mostly unconcerned about MITM attacks during the setup process,
> because that requires being within a ~30m (wireless) range during a 5
> minute window, with the DreamPlug hardware. *After* the setup is
> complete (ongoing administration), I'm plenty concerned about it.
>
> Monkeysphere /could/ help automatically organize an HTTPS connection
> between the server and client (after key exchange), had they
> completed
> their listed goals. That's not the case, though, so it can't be
> done.
>
> Does this help clarify what I was going for? Are there any other
> questions?
>
> Thanks for your time,
> Nick
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQIcBAEBAgAGBQJPDQgnAAoJEJ8nM/QJKNI6m4cQAKi1F1/D4Y6OHaTfQtMg9hOw
> BajtpAdcfVu5by2VyZ1jrQxt3HFxSwS/Vc4GcOXFFHPPrVdJOd5TpYTMf8vdHhj9
> wbLW80+mR0877O4xis9sW9Rgq0b8l7t8YYBOD9yUFfT6FIRbW4wO/7NDyjR8koBi
> J7vXNe8prpqp52EeduhgYNFLUygf5xCYqdDXVDN2O+EwgCnWChfC/mzB9hdfeP1u
> a/3vH/KL1ZhevK+Qd1GAYLzM1xLOJlmQOEPmk9LY0zTL7oXjj6aAZ8mh/BXFcoFL
> W8QiOWu1KSjGvEs8JZPPtdng7rVYq1yh9ko5GEBjk1ArF0tyAmyItQYc75fPmwbJ
> fy+HmE5OHPA65efY9hlgJjONxCQpsJfwWQ+3eSgzyP3OgxJvv6/qIGGELGXugz2y
> rAMmfxbLnqlImTafNSp6zj2R/IHRMlcQMHG2Ppn6qd1JJNLVnQYoE049IkEDVe7w
> UpBdrMALr+jysM5rLqmSWCuGiJOpUmn2zmJccRQJ1XDqTBbjJhkxIUQ1UJPRQRB2
> Bqxd8VVLZhf00meunxQcCGKKmNpC2DMQxmzjuZNoHuA7XTsw66p63c9YGbbzP6gl
> PZmlQXTiosxKTBBT+inMLr0iaATqqYHg5shdKcOt0QBqn8aPLKCQX4qh9euO3Ovd
> J1KY8om+qnq/26WP2Ict
> =RpPH
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss at lists.alioth.debian.org
>
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
More information about the Freedombox-discuss
mailing list