Difference between revisions of "Application:SkyNet"
Line 17: | Line 17: | ||
First we need a means of creating an ssh key-pair, and sending the public key to another device for installation there. | First we need a means of creating an ssh key-pair, and sending the public key to another device for installation there. | ||
− | So an atomic service method to create a key-pair, install the private key | + | So an atomic service method to create a key-pair, and install the private key. The service method must not give access to the private key. |
− | + | Then a second service method to return the public key for transmission to the remote device. | |
Security implications for the key-pair generation service method include denial of service by a rogue mojo app calling the service to create a new private key. This can be countered by a confirmation screen like in the old Java Package Manager Service. | Security implications for the key-pair generation service method include denial of service by a rogue mojo app calling the service to create a new private key. This can be countered by a confirmation screen like in the old Java Package Manager Service. | ||
No known security implications for the public key retrieval service method. One assumes that rogue mojo knowledge of a public key is not an issue (it's a public key by definition). | No known security implications for the public key retrieval service method. One assumes that rogue mojo knowledge of a public key is not an issue (it's a public key by definition). |
Revision as of 06:14, 23 May 2010
SkyNet is an application which manages the secure linking of webOS (and other) devices together over the internet.
It uses secure exchange of ssh keys, and management of restricted rsync command lines in the authorized_keys file, to allow secure, managed, authorized transfers of files between devices.
It can also be used to set up secure tunnels and VPN networks of devices using openvpn.
All actions must be carefully controlled and authorised by the user, lest it become the SkyNet of the Terminator variety ...
Discussion welcome on how we achieve this. Let's use this as a working page for architecture and design ideas. Just write them below.
Add vpnc support.
Add some sort of profile support; eg if I am at work connected through wifi on the corporate SSID I don't want the Pre to attempt to VPN in to get to work resources, and conversely at home I don't want to tunnel to my home network if I am already attached by wifi.
Service Methods
First we need a means of creating an ssh key-pair, and sending the public key to another device for installation there.
So an atomic service method to create a key-pair, and install the private key. The service method must not give access to the private key.
Then a second service method to return the public key for transmission to the remote device.
Security implications for the key-pair generation service method include denial of service by a rogue mojo app calling the service to create a new private key. This can be countered by a confirmation screen like in the old Java Package Manager Service.
No known security implications for the public key retrieval service method. One assumes that rogue mojo knowledge of a public key is not an issue (it's a public key by definition).