Re: [PATCH v6 03/13] KEYS: CA link restriction

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 9/14/21 5:14 PM, Eric Snowberg wrote:

Add a new link restriction.  Restrict the addition of keys in a keyring
based on the key to be added being a CA (self-signed).
A self-signed cert can be a root CA cert or a code-signing cert. The way to differentiate a CA cert is by checking BasicConstraints CA:TRUE and keyUsage:keyCertSign. Refer to Section Basic Constraints and Key Usage in the document - https://datatracker.ietf.org/doc/html/rfc5280. 

Thanks & Regards,

     - Nayna
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux