Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer mathslibrary
From: Trond Myklebust
Date: Fri Jan 27 2006 - 22:44:01 EST
On Fri, 2006-01-27 at 18:35 -0500, Kyle Moffett wrote:
> No, the point is not to put the backup daemon into the kernel, but to
> provide a way for the backup daemon and my user process to
> communicate DSA key details without completely giving the backup
> daemon my key. I may not entirely trust the backup daemon not to get
> compromised, but with support for the kernel keyring system,
> compromising the backup daemon would only compromise the backed up
> files, not the private keys and other secure data.
This sort of thing is implemented routinely in user space by means of
proxy tickets/certificates/credentials. What makes them insufficient for
this use?
Cheers,
Trond
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/