Re[2]: [Etherboot-developers] CVS COMMIT: Safe booting concept
Brought to you by:
marty_connor,
stefanhajnoczi
Menu
▾
▴
Re[2]: [Etherboot-developers] CVS COMMIT: Safe booting concept
|
From: Anselm M. H. <an...@ho...> - 2003-05-06 21:01:54
|
Hello Eric, Tuesday, May 06, 2003, 1:42:57 PM, you wrote: > The next question is do we want to look at using IKE > the internet key exchange defined for IPsec. This would > allow us to switch keys with which we verify the image. > Currently since we don't have a private location to store > a key we cannot participate in a protocol that requires > us to have a well known private/public key pair. I think that's not to difficult: Generate ourselves a private key (random data required, and computing time** of course), send the public key to the server (encrypted with its public key) and now we have a complete double pub/sec keypair. Problem would be: How to authenticate client (from server's view)? Anyone could pretend to be "client" - even forging MAC should not be to difficult. > For other things it could be interesting. ACK **: It seems as if download is about 2secs slower on 1MB (for md5) on my emulated 1GHz AMD, and additional 2 secs are taken to decrypt the signature. Perfomance could probably be increased, but I have more to do (get some money, and so, right now), so someone else might have a look. However, the concept is proven to work, and my name is in the code :-) Best regards, Anselm Martin Hoffmeister Stockholm Projekt Computer-Service <an...@ho...> |
