[Gnuk-users] gnuk vid pid
Srinivas V
vsrinu26f at gmail.com
Thu Oct 19 16:43:07 UTC 2017
I see this as a feature as i can put my own vid pid to make sure any
malicious software is not targeting usb devices based on a particular vid
pid.
Again many talk about performance you can use multiple tokens with same
keys simultaneously on different machines.
(I dont know if multiple tokens with same keys on same machine will be
supported for performance for high volume scenarios)
Gnuk design goal is not about performance. We should not distract here.
On Oct 18, 2017 7:02 AM, <gnuk-users-request at lists.alioth.debian.org> wrote:
Send gnuk-users mailing list submissions to
gnuk-users at lists.alioth.debian.org
To subscribe or unsubscribe via the World Wide Web, visit
https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
or, via email, send a message with subject or body 'help' to
gnuk-users-request at lists.alioth.debian.org
You can reach the person managing the list at
gnuk-users-owner at lists.alioth.debian.org
When replying, please edit your Subject line so it is more specific
than "Re: Contents of gnuk-users digest..."
Today's Topics:
1. Re: Gnuk 1.2.6 / NeuG 1.0.6 / Chopstx 1.5 / Fraucheky 0.5
(Daniel Kahn Gillmor)
2. Re: [PATCH 0/7] Gnuk: add support for Cortex M4 MCU (NIIBE Yutaka)
----------------------------------------------------------------------
Message: 1
Date: Tue, 17 Oct 2017 23:09:54 -0400
From: Daniel Kahn Gillmor <dkg at fifthhorseman.net>
To: NIIBE Yutaka <gniibe at fsij.org>, Vagrant Cascadian
<vagrant at debian.org>, Gnuk and NeuG
<gnuk-users at lists.alioth.debian.org>
Subject: Re: [Gnuk-users] Gnuk 1.2.6 / NeuG 1.0.6 / Chopstx 1.5 /
Fraucheky 0.5
Message-ID: <87h8uxtam5.fsf at fifthhorseman.net>
Content-Type: text/plain; charset="us-ascii"
On Mon 2017-10-16 10:56:58 +0900, NIIBE Yutaka wrote:
> The agreement is available (it's not FSIJ specific) from USB.org.
oof, what a complicated and annoying arrangement :/
> Is it acceptable for users, my preparing of some tool which generates
> final binary from binary template? I mean, we will distribute binary
> without VID:PID, and it will be an end user who will put the VID:PID
> at the field.
This seems like a sensible way around the problem to me, but i'm not a
lawyer :)
I note that debian already distributes that VID and PID though, right?
Just not in the firmware explicitly:
0 dkg at alice:~$ grep -A1 Gnuk /lib/udev/rules.d/60-scdaemon.rules
## Gnuk Token
SUBSYSTEM=="usb", ATTR{idVendor}=="234b", ATTR{idProduct}=="0000",
ENV{ID_SMARTCARD_READER}="1", ENV{ID_SMARTCARD_READER_DRIVER}="gnupg"
0 dkg at alice:~$
As long as you're not somehow enjoined from shipping this set of four
octets in *any* combination as a result of your agreement with USB-IF
(which seems like it would cause trouble for your work on scdaemon) it
seems fine to me to have a firmware image that ships with a slot
designed to hold the VID:PID, and to have that slot filled in by an
argument to the firmware installer tool.
That would also presumably help us verify the reproducibility of the
Gnuk firmware as well (because we wouldn't see a difference based on
different VID:PID options if the firmware we're shipping has a standard
(fixed) placeholder for those values).
thanks for helping explain this complicated situation!
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/
attachments/20171017/0550d15a/attachment-0001.sig>
------------------------------
Message: 2
Date: Wed, 18 Oct 2017 15:47:10 +0900
From: NIIBE Yutaka <gniibe at fsij.org>
To: Aurelien Jarno <aurelien at aurel32.net>
Cc: Gnuk and NeuG <gnuk-users at lists.alioth.debian.org>
Subject: Re: [Gnuk-users] [PATCH 0/7] Gnuk: add support for Cortex M4
MCU
Message-ID: <87fuahx89d.fsf at iwagami.gniibe.org>
Content-Type: text/plain
Hello,
I applied and pushed your changes. I added ChangeLog entry, so that
tar.gz source code distribution of Gnuk can be compliant to GPL for
PolarSSL.
Please note that Chopstx is not copyrighted by FSIJ. Individuals
can keep their own copyright.
Simply put (along with the agreement to USB-IF),
In the front line to the people in hardware industry and its mind
set of product liability, FSIJ needs to insist Gnuk is under full
control of the organization.
For me, attitude of some people who don't care about (supply chain of)
software technology is questionable, but it seems that dependency to
compiler, operating system, and libraries by external entities is OK,
according to a practice of (some of hardware) people.
It seems that the term "security hardware" matters for some people.
Aurelien Jarno <aurelien at aurel32.net> wrote:
> Yes, at least the ChaosKey is using the Openmoko VID. As far as I know
> they use the fact that they signed the agreement with USB-IF *before*
> transfers or subassignments were prohibited. That's also how pid.codes
> [0] offers PID to free software projects.
>
> [0] http://pid.codes
Thank for the information. I didn't know that. Today, I found
more naughty one: https://f055.io/
I also find this one today:
https://www.mcselec.com/index.php?page=shop.product_details&
flypage=shop.flypage&product_id=92&option=com_phpshop&Itemid=1
It seems that selling is more risky.
> Do you think it would be possible to allow any PID with VID 6666 which
> is for the prototype product vendor ID? It's of course not possible to
> sell a device with such an ID, nor it would be possible for Debian to
> distribute binaries with such an ID. On the other hand it's very useful
> for personal use, and I use that for many of my other personal projects.
If it works, it's OK, but vi-vi-vi-vi sounds like curse to Emacs users.
I'm not sure if the VID is guaranteed by USB IF. USB IF's offcial
answer seems to be "please ask for VID assignment for prototype
product".
--
In September 2013, Abe told Olympic dignitaries in Buenos Aires in an
address that helped Tokyo win the 2020 Games:
"Let me assure you the situation is under control."
------------------------------
Subject: Digest Footer
_______________________________________________
gnuk-users mailing list
gnuk-users at lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
------------------------------
End of gnuk-users Digest, Vol 99, Issue 3
*****************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/gnuk-users/attachments/20171019/2ed1114a/attachment.html>
More information about the gnuk-users
mailing list