From: Mimi Zohar <zohar@linux.vnet.ibm.com>
To: James Morris <jmorris@namei.org>
Cc: David Howells <dhowells@redhat.com>,
Dmitry Kasatkin <d.kasatkin@samsung.com>,
linux-ima-devel@lists.sourceforge.net,
linux-security-module@vger.kernel.org, rusty@rustcorp.com.au,
keyrings@linux-nfs.org, linux-kernel@vger.kernel.org,
dmitry.kasatkin@gmail.com
Subject: Re: [PATCH 3/4] module: search the key only by keyid
Date: Mon, 06 Oct 2014 15:39:48 -0400 [thread overview]
Message-ID: <1412624388.7773.10.camel@dhcp-9-2-203-236.watson.ibm.com> (raw)
In-Reply-To: <alpine.LRH.2.11.1410062344070.24016@namei.org>
On Mon, 2014-10-06 at 23:44 +1100, James Morris wrote:
> On Fri, 3 Oct 2014, David Howells wrote:
>
> > Dmitry Kasatkin <d.kasatkin@samsung.com> wrote:
> >
> > > BTW. But actually why signer is needed to find the key?
> > > Every key has unique fingerprint.
> >
> > The SKID is by no means guaranteed unique, is not mandatory and has no defined
> > algorithm for generating it.
> >
> > > Or you say that different certificates might have the same PK?
> > > What I would consider strange. But anyway, if PK is the same, then
> > > verification succeed.
> >
> > Do note: We *do* need to get away from using SKIDs. We have situations where
> > we have to use a key that doesn't have one.
> >
>
> David, I need to push to Linus for 3.17 -- please finalize the fix for
> this and send me a pull request.
Thanks Dmitry, David. Everything now seems to be working properly with
the patchset David posted today.
Mimi
next prev parent reply other threads:[~2014-10-06 19:39 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-03 9:09 [PATCH 0/4] KEYS fixes Dmitry Kasatkin
2014-10-03 9:09 ` [PATCH 1/4] KEYS: handle error code encoded in pointer Dmitry Kasatkin
2014-10-03 9:09 ` [PATCH 2/4] KEYS: provide pure subject key identifier (fingerprint) as key id Dmitry Kasatkin
2014-10-03 9:09 ` [PATCH 3/4] module: search the key only by keyid Dmitry Kasatkin
2014-10-03 9:09 ` [PATCH 4/4] integrity: do zero padding of the key id Dmitry Kasatkin
2014-10-03 10:43 ` [PATCH 0/4] KEYS fixes Dmitry Kasatkin
2014-10-03 12:46 ` [PATCH 3/4] module: search the key only by keyid David Howells
2014-10-03 12:49 ` Dmitry Kasatkin
2014-10-03 12:53 ` Dmitry Kasatkin
2014-10-03 13:08 ` Dmitry Kasatkin
2014-10-03 13:40 ` David Howells
2014-10-03 14:00 ` Dmitry Kasatkin
2014-10-06 12:44 ` James Morris
2014-10-06 17:14 ` Dmitry Kasatkin
2014-10-06 19:39 ` Mimi Zohar [this message]
2014-10-03 12:46 ` [PATCH 1/4] KEYS: handle error code encoded in pointer David Howells
2014-10-03 14:19 ` [PATCH 0/4] KEYS fixes Mimi Zohar
2014-10-03 15:54 ` [PATCH] X.509: If available, use the raw subjKeyId to form the key description David Howells
2014-10-06 13:51 ` [PATCH 2/4] KEYS: provide pure subject key identifier (fingerprint) as key id David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1412624388.7773.10.camel@dhcp-9-2-203-236.watson.ibm.com \
--to=zohar@linux.vnet.ibm.com \
--cc=d.kasatkin@samsung.com \
--cc=dhowells@redhat.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=jmorris@namei.org \
--cc=keyrings@linux-nfs.org \
--cc=linux-ima-devel@lists.sourceforge.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=rusty@rustcorp.com.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).