Re: [RFC] Keyrings: How to make them more useful

[RFC] Keyrings: How to make them more useful · David Howells <dhowells@redhat.com> · 2025-06-12
Re: [RFC] Keyrings: How to make them more useful · Benjamin Coddington <hidden> · 2025-06-12
Re: [RFC] Keyrings: How to make them more useful · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-12
Re: [RFC] Keyrings: How to make them more useful · David Howells <dhowells@redhat.com> · 2025-06-12
Re: [RFC] Keyrings: How to make them more useful · James Bottomley <James.Bottomley@HansenPartnership.com> · 2025-06-13
Re: [RFC] Keyrings: How to make them more useful · Mimi Zohar <zohar@linux.ibm.com> · 2025-06-16
Re: [RFC] Keyrings: How to make them more useful · Jarkko Sakkinen <jarkko@kernel.org> · 2025-06-17

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2025-06-16 20:30:38
Also in: keyrings, linux-cifs, linux-crypto, linux-fsdevel, linux-nfs, lkml, netdev

On Thu, 2025-06-12 at 13:36 +0100, David Howells wrote:

[ ...]

 (4) I think the keyring ACLs idea need to be revived.  We have a whole bunch
     of different keyrings, each with a specific 'domain' of usage for the
     keys contained therein for checking signatures on things.  Can we reduce
     this to one keyring and use ACLs to declare the specific purposes for
     which a key may be used or the specific tasks that may use it?  Use
     special subject IDs (ie. not simply UIDs/GIDs) to mark this.

David, which keyrings are you referring to?  What do you mean by 'domain' of
usage?  At what level of granularity are you thinking of?  This needs to be
describe in more detail.

thanks,

Mimi

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help