| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0e70574bfae43ce939d67e89c858f303ae7ac204.camel@linux.ibm.com>
Date: Mon, 16 Jun 2025 16:30:05 -0400
From: Mimi Zohar <zohar@...ux.ibm.com>
To: David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org,
Jarkko
Sakkinen <jarkko@...nel.org>, Steve French <sfrench@...ba.org>,
Chuck Lever
<chuck.lever@...cle.com>
Cc: Paulo Alcantara <pc@...guebit.org>,
Herbert Xu
<herbert@...dor.apana.org.au>,
Jeffrey Altman <jaltman@...istor.com>, hch@...radead.org,
linux-afs@...ts.infradead.org, linux-nfs@...r.kernel.org,
linux-cifs@...r.kernel.org, linux-security-module@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-crypto@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC] Keyrings: How to make them more useful
On Thu, 2025-06-12 at 13:36 +0100, David Howells wrote:
[ ...]
> (4) I think the keyring ACLs idea need to be revived. We have a whole bunch
> of different keyrings, each with a specific 'domain' of usage for the
> keys contained therein for checking signatures on things. Can we reduce
> this to one keyring and use ACLs to declare the specific purposes for
> which a key may be used or the specific tasks that may use it? Use
> special subject IDs (ie. not simply UIDs/GIDs) to mark this.
David, which keyrings are you referring to? What do you mean by 'domain' of
usage? At what level of granularity are you thinking of? This needs to be
describe in more detail.
thanks,
Mimi
Powered by blists - more mailing lists