Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer mathslibrary

[Arjan van de Ven]

>  I don't know the right answer 
> for the particular math library question, but I have not seen the 
> typical argument considered about whether a user space implementation of 
> this paticular function could deadlock 

it's not that kind of thing. It's basically a public key encryption
step. Putting it in the kernel can only serve one purpose: to be there
to allow other parts to use this pke for encrypting/signing/verifying
signatures. 

The keyring stuff is in the kernel for three reasons:
1) to have a secure "vault" for keys, so that userspace doesn't need to
store secret keys and manage them securely; this requires that certain
operations on these keys also happen in the kernel
2) to make session management of keys easier. Yes you can do that in
userspace too but it's a mess (ssh-agent, while it works, isn't really
it)
3) to allow kernel pieces to do key things, like the secure nfs parts of
nfsv4 or ipsec.



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/