Re: [PATCH] implement in-kernel keys & keyring management

From: Linus Torvalds
Date: Sun Aug 08 2004 - 00:26:29 EST




On Sun, 8 Aug 2004, James Morris wrote:
>
> I would suggest that the /sbin/request-key interface be done via Netlink
> messaging instead. The kernel would generate key create and key update
> messages, to which userpace daemons can respond (similar to e.g. pfkey
> acquire). I think these messages need to be tagged with the key 'type',
> so that the userspace code knows what to generate keys for.

I really disagree.

If you want to use netlink, do so. But do it from the /sbin/request-key
script or binary.

I've never seen a good binary deamon listening for things. It's a horrible
interface. It's undebuggable, it's inflexible, and it's just plain nasty.

I'm just looking at how _well_ /sbin/hotplug has worked out. I believe
that it would have been a disaster done with a binary messaging setup.

Linus
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/