Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: H. Peter Anvin <h.peter.anvin <at> intel.com>
Subject: Re: [RFC][PATCH 00/16] Crypto keys and module signing [ver #2]
Newsgroups: gmane.linux.kernel.lsm
Date: Monday 5th December 2011 11:32:13 UTC (over 5 years ago)
On 11/29/2011 03:42 PM, David Howells wrote:
> 
> I have provided a couple of subtypes: DSA and RSA.  Both types have
signature
> verification facilities available within the kernel, and both can be used
for
> module signature verification with any encryption algorithm known by the
PGP
> parser, provided the appropriate algorithm is compiled directly into the
> kernel.
> 

Do we really need the complexity of a full OpenPGP parser?  Parsers are
notorious security problems.  Furthermore, using DSA in anything but a
hard legacy application is not something you want to encourage, so why
support DSA?

	-hpa
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
 
CD: 3ms