Re: [PATCH v4 00/12] Enroll kernel keys thru MOK

On Tue, 2021-08-24 at 10:34 -0400, Mimi Zohar wrote:
> > > > Jarkko, I think the emphasis should not be on "machine" from Machine
> > > > Owner Key (MOK), but on "owner".  Whereas Nayna is focusing more on the
> > > > "_ca" aspect of the name.   Perhaps consider naming it
> > > > "system_owner_ca" or something along those lines.
> > > What do you gain from such an overly long identifier? Makes no sense. What
> > > is "ca aspect of the name" anyway?
> > 
> > As I mentioned previously, the main usage of this new keyring is that it 
> > should contain only CA keys which can be later used to vouch for user 
> > keys loaded onto secondary or IMA keyring at runtime. Having ca in the 
> > name like .xxxx_ca, would make the keyring name self-describing. Since 
> > you preferred .system, we can call it .system_ca.
> 
> Sounds good to me.  Jarkko?
> 
> thanks,
> 
> Mimi

I just wonder what you exactly gain with "_ca"?

/Jarkko



