From: "H. Peter Anvin" <h.peter.anvin@intel.com>
To: David Howells <dhowells@redhat.com>
Cc: keyrings@linux-nfs.org, linux-crypto@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, dmitry.kasatkin@intel.com,
zohar@linux.vnet.ibm.com, arjan.van.de.ven@intel.com,
alan.cox@intel.com
Subject: Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]
Date: Mon, 05 Dec 2011 03:32:13 -0800
Message-ID: <4EDCABBD.9020401@intel.com>
In-Reply-To: <20111129234258.13625.21153.stgit@warthog.procyon.org.uk>

On 11/29/2011 03:42 PM, David Howells wrote:
>
> I have provided a couple of subtypes: DSA and RSA. Both types have signature
> verification facilities available within the kernel, and both can be used for
> module signature verification with any encryption algorithm known by the PGP
> parser, provided the appropriate algorithm is compiled directly into the
> kernel.
>

Do we really need the complexity of a full OpenPGP parser? Parsers are
notorious security problems. Furthermore, using DSA in anything but a
hard legacy application is not something you want to encourage, so why
support DSA?

-hpa