From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@vger.kernel.org, linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 0/7] KEYS: Adjust public key signature handling
Date: Wed, 02 Mar 2016 07:10:27 -0500 [thread overview]
Message-ID: <1456920627.2780.60.camel@linux.vnet.ibm.com> (raw)
In-Reply-To: <20160229182136.27797.75917.stgit@warthog.procyon.org.uk>
Hi David,
On Mon, 2016-02-29 at 18:21 +0000, David Howells wrote:
> These patches do the following:
>
> (1) Retain a signature in an asymmetric-type key and associate with it the
> identifiers that will match a key that can be used to verify it.
>
> (2) Differentiate an X.509 cert that cannot be used versus one that cannot
> be verified due to unavailable crypto. This is noted in the
> structures involved.
>
> (3) Determination of the self-signedness of an X.509 cert is improved to
> include checks on the subject/issuer names and the key
> algorithm/signature algorithm types.
>
> (4) Self-signed X.509 certificates are consistency checked early on if the
> appropriate crypto is available.
>
> This set of patches is a prelude to a set that changes how trustworthiness
> is determined.
These patches don't apply directly on top of linux-security. Maybe
they apply on top of an updated version of the "X.509: Software public
key subtype changes" patch set. In which branch are these patches?
thanks,
Mimi
next prev parent reply other threads:[~2016-03-02 12:11 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-29 18:21 [RFC PATCH 0/7] KEYS: Adjust public key signature handling David Howells
2016-02-29 18:21 ` [RFC PATCH 1/7] X.509: Whitespace cleanup David Howells
2016-02-29 18:21 ` [RFC PATCH 2/7] KEYS: Allow authentication data to be stored in an asymmetric key David Howells
2016-02-29 18:21 ` [RFC PATCH 3/7] KEYS: Add identifier pointers to public_key_signature struct David Howells
2016-02-29 18:22 ` [RFC PATCH 4/7] X.509: Retain the key verification data David Howells
2016-02-29 18:22 ` [RFC PATCH 5/7] PKCS#7: Make the signature a pointer rather than embedding it David Howells
2016-02-29 18:22 ` [RFC PATCH 6/7] X.509: Extract signature digest and make self-signed cert checks earlier David Howells
2016-02-29 18:22 ` [RFC PATCH 7/7] There's a bug in the code determining whether a certificate is self-signed David Howells
2016-03-02 12:10 ` Mimi Zohar [this message]
2016-03-02 12:24 ` [RFC PATCH 0/7] KEYS: Adjust public key signature handling David Howells
2016-03-02 15:00 ` Mimi Zohar
2016-03-04 11:22 ` David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1456920627.2780.60.camel@linux.vnet.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=dhowells@redhat.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.