From owner-freebsd-hackers@freebsd.org Wed Mar 29 14:02:05 2017 Return-Path: Delivered-To: freebsd-hackers@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E16D7D23BAE; Wed, 29 Mar 2017 14:02:05 +0000 (UTC) (envelope-from eric@metricspace.net) Received: from mail.metricspace.net (mail.metricspace.net [IPv6:2001:470:1f11:617::107]) by mx1.freebsd.org (Postfix) with ESMTP id B78523D35; Wed, 29 Mar 2017 14:02:05 +0000 (UTC) (envelope-from eric@metricspace.net) Received: from [IPv6:2001:470:1f11:617:3210:b3ff:fe77:ca3f] (unknown [IPv6:2001:470:1f11:617:3210:b3ff:fe77:ca3f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client did not present a certificate) (Authenticated sender: eric) by mail.metricspace.net (Postfix) with ESMTPSA id 1AE4116AF; Wed, 29 Mar 2017 14:02:05 +0000 (UTC) Subject: Re: Proposal for a design for signed kernel/modules/etc To: "freebsd-hackers@freebsd.org" , freebsd-security@freebsd.org References: <6f6b47ed-84e0-e4c0-9df5-350620cff45b@metricspace.net> <20170329121052.l6e7ajvvq6yfltpt@office.storpool.com> From: Eric McCorkle Message-ID: <5f2e1bf1-947d-3e2d-b7e4-034f8f1af3e9@metricspace.net> Date: Wed, 29 Mar 2017 10:02:02 -0400 User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0 MIME-Version: 1.0 In-Reply-To: <20170329121052.l6e7ajvvq6yfltpt@office.storpool.com> Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="g9p1eA8eXHkgsXgRu9Obp2UkogJhfcsTg" X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Mar 2017 14:02:06 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --g9p1eA8eXHkgsXgRu9Obp2UkogJhfcsTg Content-Type: multipart/mixed; boundary="SOUBPUWIbUil86cK1NdLg2cFwNoTC56vo"; protected-headers="v1" From: Eric McCorkle To: "freebsd-hackers@freebsd.org" , freebsd-security@freebsd.org Message-ID: <5f2e1bf1-947d-3e2d-b7e4-034f8f1af3e9@metricspace.net> Subject: Re: Proposal for a design for signed kernel/modules/etc References: <6f6b47ed-84e0-e4c0-9df5-350620cff45b@metricspace.net> <20170329121052.l6e7ajvvq6yfltpt@office.storpool.com> In-Reply-To: <20170329121052.l6e7ajvvq6yfltpt@office.storpool.com> --SOUBPUWIbUil86cK1NdLg2cFwNoTC56vo Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 03/29/2017 08:10, Peter Pentchev wrote: >=20 > Erm, actually, the so-called "gnupg signature format", better known as > "the OpenPGP signature format", is pretty well documented in RFC 4880. > Note that this remark has no bearing on any of your other arguments, or= > on your work as a whole; I just wanted to clarify this particular point= :) Noted, though I think I'd prefer a format that's directly supported by OpenSSL. > G'luck, > Peter >=20 --SOUBPUWIbUil86cK1NdLg2cFwNoTC56vo-- --g9p1eA8eXHkgsXgRu9Obp2UkogJhfcsTg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEzzhiNNveVG6nWjcH1w0wQIFco2cFAljbvloACgkQ1w0wQIFc o2e1jw//Vo9ldXF8hVgQKTxCcHneVlCwsgqh0CacUs2GRj4aufoSSlqj9cQgVoEv gyTFd4sgx5MZ/7l1XRN1lBFsT0ulTb+ey+43JLFdRMfPaMZeID4+m7R2sCmIDK3N 2mYsBC74tZ3OEc0cmHQNQkLgccG+0/XF7qtdafJVulM85+mH7jefvVyZx7mCUX2r W5L9CW4QL0+SusRfzLZ9TZ8VsD/Kiw0rWtiV77/7VxAVRaDLPTR8mSRwM81Du4gR SE6eLROJdLmxOWNbm7Q7/pFYlZ0OCLUGWTic+UsU3lSXlJBg2O26PA5FelZ9PaJh T2g3ADBGgSuvZGFlCAUj2MgP2IGaCJk+ZTCaHIsPiSjpD0T35G126nMPTkzFyFlz DOB13wDwcjbW7w9adGSxf3qkQ46xf2vD4PtrCDf0VhkxtaqjbdXRkk8BXxD/YRgH oSCkHl39Z2l4s4CdMt43xnwaJuflGc8vuDEkcpbSdpwHir1h61sqmRn3F/XOzBDC Mu4oUhjpgviUnUSwDI9FkE+/ba2OnZbDi0/V2ktUzOm2ObyuZ6IJFXrdntrr+/J8 aCfEHt+gH/xca3z/Nf/rmx+3ewTLpFpfKq1T5lrhX5w8YZOyUyoudtjN31wLEP6M 2P9Pc0WKVtBmXz3nKj5Bhn3a4uqJJTHJfwVYqDrokiUfTWmOlR0= =pNNj -----END PGP SIGNATURE----- --g9p1eA8eXHkgsXgRu9Obp2UkogJhfcsTg--