On Tue, Aug 22, 2017 at 12:14 PM, Tudor Ambarus <tudor.ambarus@xxxxxxxxxxxxx> wrote:
> Hi, Herbert,
>
> On 02/02/2017 03:57 PM, Herbert Xu wrote:
>>
>> Yes but RSA had an in-kernel user in the form of module signature
>> verification. We don't add algorithms to the kernel without
>> actual users. So this patch-set needs to come with an actual
>> in-kernel user of ECDSA.
>
>
> ECDSA can be used by the kernel module signing facility too. Is there
> any interest in using ECDSA by the kernel module signing facility?

I'd say keep it simple wherever possible; adding an algorithm should need
"is required by" not just "can be used by".

Even then, there is room for questions. In particular, whether such a
fragile algorithm should be trusted at all, let alone for signatures on
infrastructure modules that the whole OS will trust.

https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm#Security