On Oct 18, 2010, at 8:51 03AM, Jean-Yves Migeon wrote: > > On Sun, 17 Oct 2010 20:11:06 -0400, Thor Lancelot Simon <t...@panix.com> > wrote: >> On Sun, Oct 17, 2010 at 04:04:59PM -0400, Matthew Mondor wrote: >>> On Sat, 16 Oct 2010 13:58:19 -0400 >>> Thor Lancelot Simon <t...@panix.com> wrote: >>> >>>> 2) Finish the asymmetric operation support in cryptodev and >>>> actually require modules to be signed. This is basically a >>>> superset of #1 above that could get about as complicated as >>>> one wanted it to (ugh) but might be worthwhile if kept simple. >>> >>> You seem to now agree with me that this could be a solution. It >>> indeed requires more work, but it also has advantages: not having to >> >> Let me know when you've got the code ready for review. > > *lurker mode off* > IIRC, part of agc work with netpgp is to integrate signature verification > within kernel. > *lurker mode on* > Signatures provide *authentication*; what is needed here is *authorization*. >
--Steve Bellovin, http://www.cs.columbia.edu/~smb