mux/register [signer]
Description
The register command contacts a 'signer' host and obtains an authenticated certificate based on the contents of /nvfs/ID (the set-top-box-id in non-volatile memory). The certificate is deposited in file /nvfs/default for later use.
The 'signer' host contacted is defined by signer, the first option to the command. If missing, the 'signer' defined by the /services/cs/db file is used.
There are several phases to obtaining the certificate:
- First, the register command interacts with the 'signer daemon' (the thread listening on the infsigner port on the 'signer' host) to construct the certificate. This certificate is 'blinded' by a random bit mask, sent back to the register command and displayed textually or graphically, as appropriate.
- The user running the register command must contact a human agent at the 'signer' host by an independent, secure mechanism (for example, a telephone call). The agent at the 'signer' host there runs the verify command (see verify - command to authenticate receiver of blinded certificate) to display the same 'blinded' certificate being displayed to the user of register on the client. Once the agent is convinced that the 'blinded' certificate has been delivered to the correct party, the agent tells verify to accept the identify of the caller.
- The register command contacts the 'countersigner' daemon (the thread listening on the infcsigner port of the 'signer' host) to obtain the bitmask needed to 'unblind' the previously received certificate. This step can only be validly performed after the completion of the verify command on the 'signer' host.
Files
See Also
infernosupport@lucent.com
Copyright © 1996,Lucent Technologies, Inc. All rights
reserved.