Subject: Re: [Keyrings] Re: [PATCH 01/04] Add multi-precision-integer maths
	library
From: Trond Myklebust <trond.myklebust@fys.uio.no>
To: David =?ISO-8859-1?Q?H=E4rdeman?= <david@2gen.com>
Cc: David Howells <dhowells@redhat.com>, Christoph Hellwig <hch@infradead.org>,
       keyrings@linux-nfs.org, linux-kernel@vger.kernel.org
In-Reply-To: <20060127204158.GA4754@hardeman.nu>
References: <20060127092817.GB24362@infradead.org> <1138312694656@2gen.com>
	 <1138312695665@2gen.com> <6403.1138392470@warthog.cambridge.redhat.com>
	 <20060127204158.GA4754@hardeman.nu>
Content-Type: text/plain; charset=utf-8
Date: Fri, 27 Jan 2006 17:19:45 -0500
Message-Id: <1138400385.8770.21.camel@lade.trondhjem.org>
Mime-Version: 1.0
Content-Transfer-Encoding: 8BIT
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1199
Lines: 25

On Fri, 2006-01-27 at 21:41 +0100, David Härdeman wrote:

> For example, a backup daemon which wishes to store the backup on another 
> host using ssh. Usually this is solved by storing an unencrypted key in 
> the fs or by providing a connection to a ssh-agent which has been 
> preloaded with the proper key(s). Both are quite inelegant solutions. 
> With the in-kernel support, the daemon can request the key using the 
> request_key call, and (provided proper scripts are written), the user 
> who controls the relevant key can supply it. This in turn means that the 
> backup daemon can sign using the key and read its public parts but not 
> the private key.

...but why would you want such a daemon to live in the kernel in the
first place? A backup application might perhaps need some kernel support
in order to ensure filesystem consistency, but that does not mean that
moving the entire daemon into the kernel is a good idea.

Cheers,
  Trond

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/