From: "David Härdeman" <david@2gen.com>
To: Trond Myklebust <trond.myklebust@fys.uio.no>
Cc: Adrian Bunk <bunk@stusta.de>,
Christoph Hellwig <hch@infradead.org>,
keyrings@linux-nfs.org, linux-kernel@vger.kernel.org
Subject: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library
Date: Sun, 29 Jan 2006 12:33:20 +0100 [thread overview]
Message-ID: <20060129113320.GA21386@hardeman.nu> (raw)
In-Reply-To: <1138504829.8770.125.camel@lade.trondhjem.org>
On Sat, Jan 28, 2006 at 10:20:29PM -0500, Trond Myklebust wrote:
>On Sat, 2006-01-28 at 17:57 +0100, David Härdeman wrote:
>> What about the first paragraph of what I wrote? You are going to want to
>> keep often-used keys around somehow, proxy certificates is not a
>> solution for your own use of your personal keys and with the exception
>> of hardware solutions such as smart cards, the keys will be safer in the
>> kernel than in a user-space daemon...
>
>I don't get this explanation at all.
>
>Why would you want to use proxy certificates for you own use? Use your
>own certificate for your own processes, and issue one or more proxy
>certificates to any daemon that you want to authorise to do some limited
>task.
I meant that you can't use proxy certs for your own use, so you still need
to store your own cert/key somehow...and I still believe that the kernel
keyring is the best place...
>...and what does this statement about "keys being safer in the kernel"
>mean?
swap-out to disk, ptrace, coredump all become non-issues. And in
combination with some other security features (such as disallowing
modules, read/write of /dev/mem + /dev/kmem, limited permissions via
SELinux, etc), it becomes pretty hard for the attacker to get your
private key even if he/she manages to get access to the root account.
>> Further, the mpi and dsa code can also be used for supporting signed
>> modules and binaries...the "store dsa-keys in kernel" part adds 376
>> lines of code (counted with wc so comments and includes etc are also
>> counted)...
>
>Signed modules sounds like a better motivation, but is a full dsa
>implementation in the kernel really necessary to achieve this?
How would you do it otherwise?
Re,
David
next prev parent reply other threads:[~2006-01-29 11:34 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-01-26 21:58 [PATCH 00/04] Add DSA key type David Härdeman
2006-01-26 21:58 ` [PATCH 02/04] Add dsa crypto ops David Härdeman
2006-01-26 21:58 ` [PATCH 03/04] Add encryption ops to the keyctl syscall David Härdeman
2006-01-26 21:58 ` [PATCH 01/04] Add multi-precision-integer maths library David Härdeman
2006-01-27 9:28 ` Christoph Hellwig
2006-01-27 20:07 ` David Howells
2006-01-27 20:41 ` David Härdeman
2006-01-27 22:19 ` [Keyrings] " Trond Myklebust
2006-01-27 23:35 ` Kyle Moffett
2006-01-28 0:27 ` Adrian Bunk
2006-01-28 3:45 ` Trond Myklebust
2006-01-28 7:17 ` Kyle Moffett
2006-01-28 10:39 ` Adrian Bunk
2006-01-28 0:22 ` Adrian Bunk
2006-01-28 10:46 ` David Härdeman
2006-01-28 13:03 ` Adrian Bunk
2006-01-28 17:09 ` David Härdeman
2006-01-28 16:37 ` [Keyrings] " Trond Myklebust
2006-01-28 16:57 ` David Härdeman
2006-01-29 3:20 ` Trond Myklebust
2006-01-29 11:33 ` David Härdeman [this message]
2006-01-29 12:29 ` Adrian Bunk
2006-01-29 13:09 ` Arjan van de Ven
2006-01-29 20:05 ` Steve French
2006-01-29 20:52 ` Arjan van de Ven
2006-01-29 21:41 ` Steve French
2006-02-06 12:31 ` David Howells
2006-01-29 23:18 ` Adrian Bunk
2006-01-29 13:18 ` David Härdeman
2006-01-29 23:36 ` Adrian Bunk
2006-01-30 18:09 ` Nix
2006-01-29 16:38 ` Trond Myklebust
2006-01-29 18:49 ` Dax Kelson
2006-01-29 19:10 ` Trond Myklebust
2006-01-29 21:29 ` David Härdeman
2006-01-29 21:46 ` Trond Myklebust
2006-01-29 21:13 ` David Härdeman
2006-01-29 21:28 ` Trond Myklebust
2006-01-29 22:02 ` David Härdeman
2006-01-29 22:05 ` Trond Myklebust
2006-01-29 22:54 ` Kyle Moffett
2006-01-29 23:07 ` Trond Myklebust
2006-01-29 23:15 ` Adrian Bunk
2006-01-29 21:09 ` Pavel Machek
2006-01-26 21:58 ` [PATCH 04/04] Add dsa key type David Härdeman
2006-01-27 1:10 ` [PATCH 00/04] Add DSA " Herbert Xu
2006-01-27 7:18 ` David Härdeman
2006-01-27 20:11 ` David Howells
2006-01-27 23:22 ` Herbert Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060129113320.GA21386@hardeman.nu \
--to=david@2gen.com \
--cc=bunk@stusta.de \
--cc=hch@infradead.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-kernel@vger.kernel.org \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.