LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]

[Posted December 7, 2011 by jake]

From:  "H. Peter Anvin" <h.peter.anvin-AT-intel.com>
To:  David Howells <dhowells-AT-redhat.com>
Subject:  Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]
Date:  Mon, 05 Dec 2011 03:32:13 -0800
Message-ID:  <4EDCABBD.9020401@intel.com>
Cc:  keyrings-AT-linux-nfs.org, linux-crypto-AT-vger.kernel.org, linux-security-module-AT-vger.kernel.org, linux-kernel-AT-vger.kernel.org, dmitry.kasatkin-AT-intel.com, zohar-AT-linux.vnet.ibm.com, arjan.van.de.ven-AT-intel.com, alan.cox-AT-intel.com
Archive-link:  Article, Thread 

On 11/29/2011 03:42 PM, David Howells wrote:
> 
> I have provided a couple of subtypes: DSA and RSA.  Both types have signature
> verification facilities available within the kernel, and both can be used for
> module signature verification with any encryption algorithm known by the PGP
> parser, provided the appropriate algorithm is compiled directly into the
> kernel.
> 

Do we really need the complexity of a full OpenPGP parser?  Parsers are
notorious security problems.  Furthermore, using DSA in anything but a
hard legacy application is not something you want to encourage, so why
support DSA?

	-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
(Log in to post comments)

Copyright © 2011, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds