[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YaEA0fyowmFlDfmK@kroah.com>
Date: Fri, 26 Nov 2021 16:44:17 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Simo Sorce <simo@...hat.com>
Cc: "Jason A. Donenfeld" <Jason@...c4.com>,
Stephan Müller <smueller@...onox.de>,
Tso Ted <tytso@....edu>, linux-crypto@...r.kernel.org,
Willy Tarreau <w@....eu>, Nicolai Stange <nstange@...e.de>,
LKML <linux-kernel@...r.kernel.org>,
Arnd Bergmann <arnd@...db.de>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
"Alexander E. Patrakov" <patrakov@...il.com>,
"Ahmed S. Darwish" <darwish.07@...il.com>,
Matthew Garrett <mjg59@...f.ucam.org>,
Vito Caputo <vcaputo@...garu.com>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>, Ray Strode <rstrode@...hat.com>,
William Jon McCann <mccann@....edu>,
zhangjs <zachary@...shancloud.com>,
Andy Lutomirski <luto@...nel.org>,
Florian Weimer <fweimer@...hat.com>,
Lennart Poettering <mzxreary@...inter.de>,
Peter Matthias <matthias.peter@....bund.de>,
Marcelo Henrique Cerri <marcelo.cerri@...onical.com>,
Neil Horman <nhorman@...hat.com>,
Randy Dunlap <rdunlap@...radead.org>,
Julia Lawall <julia.lawall@...ia.fr>,
Dan Carpenter <dan.carpenter@...cle.com>,
Andy Lavr <andy.lavr@...il.com>,
Eric Biggers <ebiggers@...nel.org>,
Petr Tesarik <ptesarik@...e.cz>,
John Haxby <john.haxby@...cle.com>,
Alexander Lobakin <alobakin@...lbox.org>,
Jirka Hladky <jhladky@...hat.com>
Subject: Re: [PATCH v43 01/15] Linux Random Number Generator
On Mon, Nov 22, 2021 at 09:59:01AM -0500, Simo Sorce wrote:
> Jason,
> have you previously produced a list of reasoned concerns with this
> patchset and direction?
>
> This specific email is not really useful to me to understand the
> concerns as it does not contain actionable suggestion or critique.
>
> I personally find the direction fine, and with my distribution hat on I
> can say that FIPS is essential for us and any design must include an
> option to be FIPS certifiable.
>
> As NIST keeps improving their testing capabilities and rigorous
> cryptographic design of the CSPRNGs as well as entropy sources the
> kernel must also adapt.
>
> Stephan is providing a path forward, and I haven't seen any other
> proposal, let alone code, that provide improvements in this area.
> I am pretty sure the design can be improved if there is detailed and
> actionable feedback on what to change.
>
> I hope the path forward can be one of collaboration rather then mere
> opposition.
Replacement of the existing code to cut over to the new one is not
collaboration, it's the exact opposite.
Submitting patches to the existing codebase to implement the
"requirements" is the proper way forward, why has that never been done.
Remember, evolution is the correct way of kernel development, not
intelligent design :)
thanks,
greg k-h
Powered by blists - more mailing lists