| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <19985.1542026635@warthog.procyon.org.uk>
Date: Mon, 12 Nov 2018 12:43:55 +0000
From: David Howells <dhowells@...hat.com>
To: Roberto Sassu <roberto.sassu@...wei.com>
Cc: dhowells@...hat.com, dwmw2@...radead.org,
herbert@...dor.apana.org.au, davem@...emloft.net,
keyrings@...r.kernel.org, linux-crypto@...r.kernel.org,
linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org,
silviu.vlasceanu@...wei.com
Subject: Re: [RFC][PATCH 08/12] KEYS: PGP-based public key signature verification
Roberto Sassu <roberto.sassu@...wei.com> wrote:
> - switch from session to user keyring (Roberto Sassu)
> - search user keyring only if no keyring was provided, so that the
> trustworthiness of the signature depends on the type of keyring
> containing the key used for signature verification (Roberto Sassu)
Er. No. You should search the session keyring. This may contain a link to
the user keyring (pam_keyinit emplaces one).
You need to consider what it is that the patch trying to achieve.
David
Powered by blists - more mailing lists