Re: [PATCH 3/4] module: search the key only by keyid

From: David Howells
Date: Fri Oct 03 2014 - 09:40:36 EST


Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx> wrote:

> BTW. But actually why signer is needed to find the key?
> Every key has unique fingerprint.

The SKID is by no means guaranteed unique, is not mandatory and has no defined
algorithm for generating it.

> Or you say that different certificates might have the same PK?
> What I would consider strange. But anyway, if PK is the same, then
> verification succeed.

Do note: We *do* need to get away from using SKIDs. We have situations where
we have to use a key that doesn't have one.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/