Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]

From: H. Peter Anvin
Date: Mon Dec 05 2011 - 06:32:26 EST

Next message: Alan Cox: "Re: [PATCH] drivers:usb:serial:ftdi_sio.c: ftdi_set_termios make nosense some in a situation"
Previous message: Alan Cox: "Re: [PATCH] serial: bfin-uart: Request CTS GPIO PIN when the serialdevice starts up."
Next in thread: David Howells: "Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/29/2011 03:42 PM, David Howells wrote:
>
> I have provided a couple of subtypes: DSA and RSA. Both types have signature
> verification facilities available within the kernel, and both can be used for
> module signature verification with any encryption algorithm known by the PGP
> parser, provided the appropriate algorithm is compiled directly into the
> kernel.
>

Do we really need the complexity of a full OpenPGP parser? Parsers are
notorious security problems. Furthermore, using DSA in anything but a
hard legacy application is not something you want to encourage, so why
support DSA?

-hpa
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Cox: "Re: [PATCH] drivers:usb:serial:ftdi_sio.c: ftdi_set_termios make nosense some in a situation"
Previous message: Alan Cox: "Re: [PATCH] serial: bfin-uart: Request CTS GPIO PIN when the serialdevice starts up."
Next in thread: David Howells: "Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]