On Sun, Jan 29, 2006 at 01:29:01PM +0100, Adrian Bunk wrote:
You are taking the wrong approach.
The _only_ question that matters is:
Why is it technically impossible to do the same in userspace?
If it's technically possible to do the same in userspace, it must not be
done in the kernel.
It may not be impossible, but adding support for dsa key types to the
in-kernel key management is something like 150 lines of code once the
dsa crypto-ops are implemented. I think you get a lot of convenience
for those 150 lines (and yes, I do believe that convenience is also a
valid argument for adding functionality). Having to protect against all
attack vectors is much harder in user-space than in kernel-space.
As for the addition of the dsa crypto-ops, you still haven't answered
the question of how signed modules and/or binaries can be implemented
in userspace...
That's exactly the reason why e.g. kernel 2.6 does not contain a
webserver.
Apples and oranges
Re,
David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
[Index of Archives]
[Kernel Newbies]
[Netfilter]
[Bugtraq]
[Photo]
[Stuff]
[Gimp]
[Yosemite News]
[MIPS Linux]
[ARM Linux]
[Linux Security]
[Linux RAID]
[Video 4 Linux]
[Linux for the blind]
[Linux Resources]
