Re: [PATCH 3/4] module: search the key only by keyid

From: James Morris
Date: Mon Oct 06 2014 - 08:45:29 EST

Next message: Richard Guy Briggs: "Re: [PATCH V5 01/13] namespaces: assign each namespace instance a serial number"
Previous message: Thierry Reding: "Re: [PATCH v7 10/11] ARM: at91/dt: add LCD panel description to sama5d3xdm.dtsi"
In reply to: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Next in thread: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 3 Oct 2014, David Howells wrote:

> Dmitry Kasatkin <d.kasatkin@xxxxxxxxxxx> wrote:
>
> > BTW. But actually why signer is needed to find the key?
> > Every key has unique fingerprint.
>
> The SKID is by no means guaranteed unique, is not mandatory and has no defined
> algorithm for generating it.
>
> > Or you say that different certificates might have the same PK?
> > What I would consider strange. But anyway, if PK is the same, then
> > verification succeed.
>
> Do note: We *do* need to get away from using SKIDs. We have situations where
> we have to use a key that doesn't have one.
>

David, I need to push to Linus for 3.17 -- please finalize the fix for
this and send me a pull request.

--
James Morris
<jmorris@xxxxxxxxx>

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Richard Guy Briggs: "Re: [PATCH V5 01/13] namespaces: assign each namespace instance a serial number"
Previous message: Thierry Reding: "Re: [PATCH v7 10/11] ARM: at91/dt: add LCD panel description to sama5d3xdm.dtsi"
In reply to: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Next in thread: Dmitry Kasatkin: "Re: [PATCH 3/4] module: search the key only by keyid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]