From: "H. Peter Anvin" <h.peter.anvin@intel.com>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@linux-nfs.org, linux-crypto@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, dmitry.kasatkin@intel.com,
zohar@linux.vnet.ibm.com, arjan.van.de.ven@intel.com,
alan.cox@intel.com
Subject: Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]
Date: Mon, 05 Dec 2011 03:32:13 -0800
Message-ID: <4EDCABBD.9020401@intel.com>
In-Reply-To: <20111129234258.13625.21153.stgit@warthog.procyon.org.uk>

On 11/29/2011 03:42 PM, David Howells wrote:
>
> I have provided a couple of subtypes: DSA and RSA. Both types have signature
> verification facilities available within the kernel, and both can be used for
> module signature verification with any encryption algorithm known by the PGP
> parser, provided the appropriate algorithm is compiled directly into the
> kernel.
>

Do we really need the complexity of a full OpenPGP parser? Parsers are
notorious security problems. Furthermore, using DSA in anything but a
hard legacy application is not something you want to encourage, so why
support DSA?

-hpa

Thread overview: 26+ messages
2011-11-29 23:42 [RFC][PATCH 00/16] Crypto keys and module signing [ver #2] David Howells
2011-11-29 23:43 ` [PATCH 01/16] MPILIB: Export some more symbols " David Howells
2011-11-29 23:43 ` [PATCH 02/16] MPILIB: Add a missing ENOMEM check " David Howells
2011-11-30 15:28 ` Serge Hallyn
2011-11-30 17:00 ` David Howells
2011-11-29 23:43 ` [PATCH 03/16] KEYS: Permit key_serial() to be called with a const key pointer " David Howells
2011-11-29 23:43 ` [PATCH 04/16] PGP: Add definitions (RFC 4880) and packet parser " David Howells
2011-12-04 16:03 ` Ben Hutchings
2011-12-05 11:21 ` David Howells
2011-11-29 23:44 ` [PATCH 05/16] KEYS: Create a key type that can be used for general cryptographic operations " David Howells
2011-11-29 23:44 ` [PATCH 06/16] KEYS: Add a DSA crypto key subtype " David Howells
2011-11-29 23:44 ` [PATCH 07/16] KEYS: Add a RSA " David Howells
2011-11-29 23:44 ` [PATCH 08/16] PGP: Add signature parser " David Howells
2011-11-29 23:44 ` [PATCH 09/16] KEYS: Add signature verification facility " David Howells
2011-11-29 23:45 ` [PATCH 10/16] KEYS: DSA key signature verification " David Howells
2011-11-29 23:45 ` [PATCH 11/16] KEYS: RSA " David Howells
2011-11-29 23:45 ` [PATCH 12/16] KEYS: Add a crypto key request function " David Howells
2011-11-29 23:45 ` [PATCH 13/16] KEYS: Provide a function to load keys from a PGP keyring blob " David Howells
2011-11-29 23:45 ` [PATCH 14/16] MODSIGN: Add indications of module ELF types " David Howells
2011-11-29 23:46 ` [PATCH 15/16] MODSIGN: Module ELF verifier " David Howells
2011-11-29 23:46 ` [PATCH 16/16] MODSIGN: Apply signature checking to modules on module load " David Howells
2011-11-30 11:01 ` [RFC][PATCH 00/16] Crypto keys and module signing " Greg KH
2011-12-05 11:32 ` H. Peter Anvin [this message]
2011-12-05 11:43 ` David Howells
2011-12-06 0:54 ` [Keyrings] " James Morris
2011-12-07 14:29 ` David Howells