| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <874nk4j580.fsf@rustcorp.com.au>
Date: Mon, 03 Dec 2012 11:56:39 +1030
From: Rusty Russell <rusty@...tcorp.com.au>
To: Mimi Zohar <zohar@...ux.vnet.ibm.com>,
linux-security-module@...r.kernel.org
Cc: Mimi Zohar <zohar@...ux.vnet.ibm.com>,
linux-kernel@...r.kernel.org, Mimi Zohar <zohar@...ibm.com>,
"David Howells" <dhowells@...hat.com>
Subject: Re: [RFC][PATCH 2/2] modsig: differentiate between ephemeral and persistent key names
Mimi Zohar <zohar@...ux.vnet.ibm.com> writes:
> Using the same name for ephemeral and "persistent" keys results
> in deleting the "persistent" key. This patch renames the normal
> kbuild asymmetric key pair name to "default_signing_key" and the
> ephemeral key pair name to "ephemeral_signing_key".
I like the idea: I was always uncomfortable with the mixing of
persistent and temporary keys. But it's a bit misguided, because surely
persistent keys don't belong in the build tree at all.
How about we do something like:
# Default to temporary keys
MODKEYPREFIX = ./temp_signing_key
MODSECKEY = $(MODKEYPREFIX).priv
MODPUBKEY = $(MODKEYPREFIX).x509
Then encourage people to do:
make MODKEYPREFIX=...
We could also use a config option to set the path, but that's probably
less convenient.
Cheers,
Rusty.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists