Date: Mon, 23 Oct 2017 22:33:34 -0700 From: "Simon J. Gerraty" <sjg@juniper.net> To: Garrett Wollman <wollman@bimajority.org> Cc: Eric McCorkle <eric@metricspace.net>, <freebsd-security@freebsd.org>, <sjg@juniper.net> Subject: Re: UNS: Re: Trust system write-up Message-ID: <78860.1508823214@kaos.jnpr.net> In-Reply-To: <23022.35012.399346.198594@hergotha.csail.mit.edu> References: <1a9bbbf6-d975-0e77-b199-eb1ec0486c8a@metricspace.net> <1508775285.34364.2.camel@freebsd.org> <e4fb486c-fe8a-571e-8c95-f5f68c44b77c@metricspace.net> <72903.1508799185@kaos.jnpr.net> <d06c911a-9e2a-901f-b2bb-4fa2c26b2d59@metricspace.net> <23022.35012.399346.198594@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
Garrett Wollman <wollman@bimajority.org> wrote: > Since packages are already distributed with signatures over the entire > package manifest, it would be nice if you could use the package system > to feed this. Yes, that's what we do in Junos. The Junos package system relies on veriexec to verify packages and their content, and thus automatically feed manifest contents to the kernel, which renders the content executable. Eric's configurable trust store, could allow the above to be more widely used. In Junos the trust store is burned into the apps that need to verify things - which is great for us but not what you want for general deployment system. But it's hard to do things like this if they have to be optional.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?78860.1508823214>