Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths library

["David Härdeman" <david@2gen.com>]

On Sun, Jan 29, 2006 at 11:38:22AM -0500, Trond Myklebust wrote:
>On Sun, 2006-01-29 at 12:33 +0100, David Härdeman wrote:
>>>Why would you want to use proxy certificates for you own use? Use your
>>>own certificate for your own processes, and issue one or more proxy
>>>certificates to any daemon that you want to authorise to do some limited
>>>task.
>> 
>>I meant that you can't use proxy certs for your own use, so you still need 
>>to store your own cert/key somehow...and I still believe that the kernel 
>>keyring is the best place...
>
>Agreed. Now, reread what I said above, and tell me why this is an
>argument for doing dsa in the kernel?

If you agree that the kernel keyring is the best place, it shouldn't be 
a big step to also agree that in-kernel signing is "good" since it 
allows you to use the key while it makes it possible for the kernel to 
refuse to divulge the private part...even to the user who added the key 
(i.e. yourself)...

>>>...and what does this statement about "keys being safer in the kernel"
>>>mean?
>> 
>> swap-out to disk, ptrace, coredump all become non-issues. And in 
>> combination with some other security features (such as disallowing 
>> modules, read/write of /dev/mem + /dev/kmem, limited permissions via
>> SELinux, etc), it becomes pretty hard for the attacker to get your 
>> private key even if he/she manages to get access to the root account.
>
>Turning off coredump is trivial. All the features that LSM provide apply
>to userland too (including security_ptrace()), so the SELinux policies
>are not an argument for putting stuff in the kernel.
>
>Only the swap-out to disk is an issue, and that is less of a worry if
>you use a time-limited proxy in the daemon.

How do you use a "time-limited proxy in the daemon" for your own 
keys/cerificates (e.g. ssh keys)?

Re,
David