Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-13 Thread Ard Biesheuvel
On Fri, 13 Sept 2024 at 11:32, David Howells wrote:
>
> Herbert Xu wrote:
>
> > Personally I don't think the argument above holds water. With
> > IPsec we had a similar issue of authenticating untrusted peers
> > using public key cryptography. In that case we successfully
> > delegated the task

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-13 Thread David Howells
Herbert Xu wrote:
> Personally I don't think the argument above holds water. With
> IPsec we had a similar issue of authenticating untrusted peers
> using public key cryptography. In that case we successfully
> delegated the task to user-space and it is still how it works
> to this day.

It tra

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-13 Thread Herbert Xu
On Fri, Sep 13, 2024 at 10:30:11AM +0200, Roberto Sassu wrote:
>
> The second problem is, assuming that the task is verified through other
> means other than PGP (but again, we are still relying on the public
> crypto functionality to be performed by the kernel, for this to work),
> that I didn't g

Re: [PATCH v3 00/14] KEYS: Add support for PGP keys and signatures

2024-09-13 Thread Roberto Sassu
On Fri, 2024-09-13 at 12:45 +0800, Herbert Xu wrote:
> Roberto Sassu wrote:

+ linux-security-module

> >
> > For the envisioned use cases, PGP operations cannot be done in user space,
> > since the consumers are in the kernel itself (Integrity Digest Cache and
> > IMA). Also they cannot be done