Re: [PATCH 3/4] module: search the key only by keyid

From: David Howells
Date: Fri Oct 03 2014 - 09:40:36 EST

Next message: Konrad Rzeszutek Wilk: "Re: [PATCH v3 0/5] enhance DMA CMA on x86"
Previous message: Chuck Ebbert: "Re: [tip:x86/asm] x86: Speed up ___preempt_schedule*() by using THUNK helpers"
In reply to: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Next in thread: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx> wrote:

> BTW. But actually why signer is needed to find the key?
> Every key has unique fingerprint.

The SKID is by no means guaranteed unique, is not mandatory and has no defined
algorithm for generating it.

> Or you say that different certificates might have the same PK?
> What I would consider strange. But anyway, if PK is the same, then
> verification succeed.

Do note: We *do* need to get away from using SKIDs. We have situations where
we have to use a key that doesn't have one.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Konrad Rzeszutek Wilk: "Re: [PATCH v3 0/5] enhance DMA CMA on x86"
Previous message: Chuck Ebbert: "Re: [tip:x86/asm] x86: Speed up ___preempt_schedule*() by using THUNK helpers"
In reply to: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Next in thread: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]