Date: Sun, 22 Oct 2017 18:14:40 -0400 From: Eric McCorkle <eric@metricspace.net> To: "freebsd-hackers@freebsd.org" <freebsd-hackers@FreeBSD.org>, freebsd-security@freebsd.org, freebsd-arch@freebsd.org Subject: Trust system write-up Message-ID: <1a9bbbf6-d975-0e77-b199-eb1ec0486c8a@metricspace.net>
next in thread | raw e-mail | index | archive | help
Hello everyone, The following is a write-up of my current design for a public-key trust system: https://www.metricspace.net/files/freebsd_trust.pdf Some of you are certainly familiar with some or all of this; I've discussed parts of it before on -hackers and -security, and I discussed it in greater detail in BoF sessions at vBSDCon. It seems things are heating up in this direction, so I'd like to get this out there and get discussion and feedback. I plan on undertaking work on this in the very near future, especially since the commit-train for GELI EFI is ready to arrive in HEAD. A bit about the format: this is sort of the "meat" of what I hope will be a paper some day, but it's still an initial draft. Moreover, it talks about things I'm planning as if they exist, mainly because I don't want to have to go back and rewrite everything in the future. In reality, most of what I talk about is just a proposal at this point, with a few bits being implemented as a PoC here and there. Please read and consider the designs I've proposed. I welcome any feedback and suggestions. I'll give it a week minimum from today before I resume any work on this stuff. Note: Apologies for the external link; I had originally included this as an attachment, but it was too large.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1a9bbbf6-d975-0e77-b199-eb1ec0486c8a>