From: Mimi Zohar <zohar@linux.ibm.com>
To: Eric Biggers <ebiggers@kernel.org>
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
	Ahmad Fatoum <a.fatoum@pengutronix.de>,
	"Theodore Y. Ts'o" <tytso@mit.edu>,
	Jaegeuk Kim <jaegeuk@kernel.org>,
	kernel@pengutronix.de, James Morris <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	James Bottomley <jejb@linux.ibm.com>,
	Sumit Garg <sumit.garg@linaro.org>,
	David Howells <dhowells@redhat.com>,
	linux-fscrypt@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2] fscrypt: support trusted keys
Date: Wed, 11 Aug 2021 20:54:34 -0400
Message-ID: <0e69a0aa394dd20347b06ae4e700aa17d52583ef.camel@linux.ibm.com>
In-Reply-To: <YRQF09f8st95yrFZ@gmail.com>

On Wed, 2021-08-11 at 10:16 -0700, Eric Biggers wrote:

> Neither of you actually answered my question, which is whether the support for
> trusted keys in dm-crypt is a mistake.  I think you're saying that it is?  That
> would imply that fscrypt shouldn't support trusted keys, but rather encrypted
> keys -- which conflicts with Ahmad's patch which is adding support for trusted
> keys.  Note that your reasoning for this is not documented at all in the
> trusted-encrypted keys documentation; it needs to be (email threads don't really
> matter), otherwise how would anyone know when/how to use this feature?

True, but all of the trusted-encrypted key examples in the
documentation are "encrypted" type keys, encrypted/decrypted based on a
"trusted" type key.  There are no examples of using the "trusted" key
type directly.  Before claiming that adding "trusted" key support in
dm-crypt was a mistake, we should ask Ahmad why he felt dm-crypt needed
to directly support "trusted" type keys.

Mimi

