From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S266126AbUHIP5p (ORCPT ); Mon, 9 Aug 2004 11:57:45 -0400
Received: (majordomo@vger.kernel.org) by vger.kernel.org
	id S266730AbUHIPyn (ORCPT ); Mon, 9 Aug 2004 11:54:43 -0400
Received: from the-village.bc.nu ([81.2.110.252]:39881 "EHLO localhost.localdomain")
	by vger.kernel.org with ESMTP id S266666AbUHIPyS (ORCPT );
	Mon, 9 Aug 2004 11:54:18 -0400
Subject: Re: [PATCH] implement in-kernel keys & keyring management
From: Alan Cox
To: Linus Torvalds
Cc: James Morris , David Howells , akpm@osdl.org, Linux Kernel Mailing List ,
	arjanv@redhat.com, dwmw2@infradead.org, greg@kroah.com, Chris Wright ,
	sfrench@samba.org, mike@halcrow.us, Trond Myklebust , Kyle Moffett
In-Reply-To:
References:
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <1092063060.14152.28.camel@localhost.localdomain>
Mime-Version: 1.0
X-Mailer: Ximian Evolution 1.4.6 (1.4.6-2)
Date: Mon, 09 Aug 2004 15:51:02 +0100
Sender: linux-kernel-owner@vger.kernel.org
X-Mailing-List: linux-kernel@vger.kernel.org

On Llu, 2004-08-09 at 05:27, Linus Torvalds wrote:
> But at least to me, the /sbin/request-key thing is more like loading a
> module. You might do it to mount a filesystem or read an encrypted volume,
> but you wouldn't do it in the "normal" workload. It's a major event.

The BSD networking PF_KEY does exactly this for IPsec sockets. Coupled
with a cache it seems to work rather well. In fact is there a reason for
not using PF_KEY - other than /sbin/hotplug being cleaner?