On Tue, 10 Jan 2012 21:55:18 -0600, Nick Daly <nick.m.daly at gmail.com> wrote:
> I'm mostly unconcerned about MITM attacks during the setup process,
> because that requires being within a ~30m (wireless) range during a 5
> minute window, with the DreamPlug hardware.  *After* the setup is
> complete (ongoing administration), I'm plenty concerned about it.

While I'm not really expecting MITM attacks to be realistic in 99.999%
of the cases, it's perhaps true that the remaining cases are the ones
where someone might go to the trouble, and possibly they are also the
cases where the result of a compromise could be rather bad for a few
people's health, so we probably have to take the potential seriously.

As for 30m -- that's wrong I'm afraid, I know someone who's played with
a dish aerial to get onto random open wifi networks from about 1km
distance -- I'm sure serious attackers would be capable of the same, and
might be able to find out when their target is taking delivery.

Of course, if _I_ was in that position, there's no way I'd use wireless,
in fact I'd probably build myself a Faraday cage, but then again,
there's this:  http://xkcd.com/538/

> Monkeysphere /could/ help automatically organize an HTTPS connection
> between the server and client (after key exchange), had they completed
> their listed goals.  That's not the case, though, so it can't be done.

Isn't this all just unnecessary complication -- once a trusted connection with
your browser to the HTTPS server on the FB, you'll have to accept its
key (clicking the pointless overrides) -- at that point the FB could
issue you with a client cert (or just use passwords for authentication,
or both -- whatever you fancy).

Once that's done, your browser will notice a change of server key -- we
may need to recommend that people install a plugin to make sure that they
get the message that that's a Bad Thing.

I don't see any need to rely on any network of trust at that point, and
in fact, doing so may well leak information about people who are using
FBs (depending on how it's done), which might be somewhat

> Does this help clarify what I was going for?

I think so -- feel free to tell me I've grasped the wrong end of the
stick again, if necessary. :-)
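
The accept-the-key-once, then notice-a-change behaviour discussed in this message, sketched as an added example that is not part of the original e-mail or of any FreedomBox code. `PinStore`, `fetch_der`, the pin file and the hostname `box.example` are hypothetical, and the two "certificates" are constructed byte strings.

```python
import hashlib
import hmac
import json
import os
import socket
import ssl
import tempfile

def fetch_der(host, port=443, timeout=5):
    """Fetch the server certificate (DER) without CA validation, as for a self-signed box."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # trust comes from the stored pin, not from a CA
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

class PinStore:
    """Hypothetical trust-on-first-use store mapping host -> SHA-256 of its certificate."""
    def __init__(self, path):
        self.path, self.pins = path, {}
        if os.path.exists(path):
            with open(path) as f:
                self.pins = json.load(f)

    def check(self, host, cert_der):
        """Return 'first-use', 'match' or 'changed'; an existing pin is never overwritten."""
        seen = hashlib.sha256(cert_der).hexdigest()
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = seen
            self._save()
            return "first-use"
        return "match" if hmac.compare_digest(pinned, seen) else "changed"

    def _save(self):
        tmp = self.path + ".tmp"  # write then rename, so a crash cannot truncate the pins
        with open(tmp, "w") as f:
            json.dump(self.pins, f)
        os.replace(tmp, self.path)

def demo(path):
    # Constructed hostname and byte strings standing in for two different DER certificates.
    host, cert_a, cert_b = "box.example", b"constructed-cert-A", b"constructed-cert-B"
    store = PinStore(path)
    results = [store.check(host, cert_a), store.check(host, cert_a)]
    # A fresh PinStore reads the pin back from disk and flags the different certificate.
    return results + [PinStore(path).check(host, cert_b)]

if __name__ == "__main__":
    print(demo(os.path.join(tempfile.mkdtemp(), "pins.json")))
```

Against a live server, the bytes passed to `check` would come from `fetch_der(host)`; a `changed` result is the point at which the connection should be refused rather than clicked through.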

