| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Sep 2012 08:27:07 +0200
From: Geert Uytterhoeven <geert@...ux-m68k.org>
To: Rusty Russell <rusty@...tcorp.com.au>
Cc: David Howells <dhowells@...hat.com>, herbert@...dor.hengli.com.au,
pjones@...hat.com, jwboyer@...hat.com,
linux-crypto@...r.kernel.org,
linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org, keyrings@...ux-nfs.org
Subject: Re: [GIT PULL] Asymmetric keys and module signing
On Wed, Sep 26, 2012 at 5:46 AM, Rusty Russell <rusty@...tcorp.com.au> wrote:
> You previously wrote:
>> You can't compare them that easily. One has a FIPS-mode panic and the other
>> doesn't. Do we want to panic if we reject an unsigned module in enforcing
>> mode when we're in FIPS mode?
>
> It's a line ball, but I think consistency wins. Not a validly signed
> module => panic.
Just wondering, what's the advantage of doing panic over just
rejecting the module?
Panic is a DoS?
Gr{oetje,eeting}s,
Geert
--
Geert Uytterhoeven -- There's lots of Linux beyond ia32 -- geert@...ux-m68k.org
In personal conversations with technical people, I call myself a hacker. But
when I'm talking to journalists I just say "programmer" or something like that.
-- Linus Torvalds
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists