Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer mathslibrary

From: Trond Myklebust
Date: Fri Jan 27 2006 - 22:44:01 EST

Next message: Andrew Morton: "Re: [patch 09/12] Mask off GFP flags before swiotlb_alloc_coherent"
Previous message: Nathan Lynch: "Re: 2.6.16 - sys_sched_getaffinity & hotplug"
In reply to: Adrian Bunk: "Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library"
Next in thread: Kyle Moffett: "Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2006-01-27 at 18:35 -0500, Kyle Moffett wrote:

> No, the point is not to put the backup daemon into the kernel, but to
> provide a way for the backup daemon and my user process to
> communicate DSA key details without completely giving the backup
> daemon my key. I may not entirely trust the backup daemon not to get
> compromised, but with support for the kernel keyring system,
> compromising the backup daemon would only compromise the backed up
> files, not the private keys and other secure data.

This sort of thing is implemented routinely in user space by means of
proxy tickets/certificates/credentials. What makes them insufficient for
this use?

Cheers,
Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [patch 09/12] Mask off GFP flags before swiotlb_alloc_coherent"
Previous message: Nathan Lynch: "Re: 2.6.16 - sys_sched_getaffinity & hotplug"
In reply to: Adrian Bunk: "Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library"
Next in thread: Kyle Moffett: "Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]