From: Hans Reiser <reiser@namesys.com>
To: Gregory Maxwell <gmaxwell@gmail.com>
Cc: Edward Shishkin <edward@namesys.com>,
Reiserfs developers mail-list <Reiserfs-Dev@namesys.com>,
Reiserfs List <reiserfs-list@namesys.com>,
Nate Diller <ndiller@namesys.com>
Subject: Re: Basic interface for key management in reiser4 (DRAFT)
Date: Thu, 18 Aug 2005 22:17:50 -0700 [thread overview]
Message-ID: <43056B7E.6030500@namesys.com> (raw)
In-Reply-To: <e692861c05081821185566955d@mail.gmail.com>
I think it would make sense to put the keys as files in /proc:
e.g.
touch /proc/1/keys/private/"0893410984328098094321"
would give init (aka process with id of 1) a new key that its children
would not inherit
touch /proc/1/keys/inheritable/"1893410984328098094321"
would give init a new key that is children WOULD inherit.
Not sure what the permissions on that keys directory would be, I guess 700.
Hans
Gregory Maxwell wrote:
>On 8/18/05, Hans Reiser <reiser@namesys.com> wrote:
>
>
>>but the idea is to use keys instead of standard unix permissions....
>>
>>I think you need to store keys in a per process place, and allow
>>specifying whether children of a process inherit the keys somehow.
>>
>>
>
>Oh, slick!
>
>I did not previously catch what the advantage would be to using crypto
>in the FS rather than just a crypted block device... minus some non
>critical niceties (like being able to use a random & per file IV is
>good from a security perspective.).
>
>Now I see what is possible, and I'm really excited.
>
>It will be interesting to see how a system with many keys performs..
>most fast implementations of most crypto algs need a computationally
>expensive key setup which produces a fairly large working set of
>constants for encryption/decryption.
>
>With a per process structure there should be a way to revoke all
>instances of a key from all the other running processes that carry
>it.. or at least all processes of a specific user. Otherwise it will
>be too easy to accidental leave keys laying around.
>
>This per process crypto in the FS fits very nicely with a lot of the
>other recent security advances in the Linux world.
>
>Thanks for something new and exciting to talk about with my Linux
>using friends! :)
>
>
>
>
next prev parent reply other threads:[~2005-08-19 5:17 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-08-17 14:50 Basic interface for key management in reiser4 (DRAFT) Edward Shishkin
2005-08-17 19:52 ` Hans Reiser
2005-08-18 18:33 ` Edward Shishkin
2005-08-19 0:30 ` Hans Reiser
2005-08-19 4:18 ` Gregory Maxwell
2005-08-19 5:17 ` Hans Reiser [this message]
2005-08-19 7:16 ` Gregory Maxwell
2005-08-19 14:56 ` Edward Shishkin
2005-08-19 11:43 ` Edward Shishkin
2005-08-19 14:48 ` Gregory Maxwell
2005-08-19 10:45 ` Edward Shishkin
2005-08-23 15:48 ` Edward Shishkin
2005-08-24 0:52 ` Hans Reiser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43056B7E.6030500@namesys.com \
--to=reiser@namesys.com \
--cc=Reiserfs-Dev@namesys.com \
--cc=edward@namesys.com \
--cc=gmaxwell@gmail.com \
--cc=ndiller@namesys.com \
--cc=reiserfs-list@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.