On Tue, 2021-08-24 at 10:34 -0400, Mimi Zohar wrote: > > > > Jarkko, I think the emphasis should not be on "machine" from Machine > > > > Owner Key (MOK), but on "owner". Whereas Nayna is focusing more on the > > > > "_ca" aspect of the name. Perhaps consider naming it > > > > "system_owner_ca" or something along those lines. > > > What do you gain such overly long identifier? Makes no sense. What > > > is "ca aspect of the name" anyway? > > > > As I mentioned previously, the main usage of this new keyring is that it > > should contain only CA keys which can be later used to vouch for user > > keys loaded onto secondary or IMA keyring at runtime. Having ca in the > > name like .xxxx_ca, would make the keyring name self-describing. Since > > you preferred .system, we can call it .system_ca. > > Sounds good to me. Jarkko? > > thanks, > > Mimi I just wonder what you exactly gain with "_ca"? /Jarkko