Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp2999219lqo; Tue, 14 May 2024 17:00:33 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUdRv6Zv2V+LmKsQDJeD2wBAS/zW29wLKuP2RigputI+E41mHNzhLYTRtZCGayyPHP0QvQDhvCUe3gYx+XhhojE/UDo7n9e41yPF7Jr2Q== X-Google-Smtp-Source: AGHT+IFCA+LX00VqrKHd/WBTOA+H2TdP9aZhc4UXuZZL/+mpSsw+Pi8Q7tx1gnmtUIj2mULEQqqp X-Received: by 2002:a05:6512:3b86:b0:51f:3f6c:7466 with SMTP id 2adb3069b0e04-5220fe79356mr12218070e87.48.1715731233261; Tue, 14 May 2024 17:00:33 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715731233; cv=pass; d=google.com; s=arc-20160816; b=hYmQviAp+Wzb9+dxoBNHucHCz8frw+mAucpzbMDqrNb+xPw8yn2lWMSPycAIhE6YCF Gntu3ammPV7pRiFPHNRVF4RaVJFQAicg+kOBzywf/zJaEWUJK6eFN8o+hQW01UJfCMX0 7FV6oAJi3Vg6P8D16KUlvMRYwIbRASMdnTLHrE127ggGP8c6UbyjCN2n9715sxS0RtPK HNM5W4bvRGYzDPUy87XtxJd450/q/rv6K4D9iM4s0dYXp4XayEl0t8s1W3PHQRoVAokx hmSPhOFR3ReuB+3sDgmBKF/sB7N6+G1Vpwem2GZKR2x/0Vv8k2q0Z8MhO6qbImm4f/Uz 6lUg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:references:to:from:subject:cc:message-id:date :content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:dkim-signature; bh=n99Bql3gIIzuLFoZdV/TGsEOQMKJhGqv7H0JLXS0xew=; fh=yEUNK02wqlLeiUPgkfclyeebZ2efwjGXgx85oGsUPec=; b=CuXN0ekqohr8Vb1vyH3BiKTyAk4xbuZZuyZbA3dXVjLRq7MbZS4v6ll6B+pRJRVV+3 Nwvwy4PRadm+rhifl6u8Q9i+QQkW/bKvnrQ2lD491+w+xYiLNX7Uj+9eIjq+pASV177d wVVyi643e17+JVRS2T30EklYf1/c2mO8YcyZ0JsZeZK4XynjIUbPBr3dKrSw0oTL7Kdz iPvlENHjMrQUl/VYXybY+NYqHYRnu6KKrvoCzfNM2IgZZM5+ucsXElwMZf4CpiGIYcel m4FWX7Du9/IV3lL8WUZmKw0XHQAq/HiMhXr0rlG9B8XV2A5UhBMZXYzbOw6ZOpgfVUl2 S1fQ==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=AnX3SWAP; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-179272-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-179272-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3]) by mx.google.com with ESMTPS id 4fb4d7f45d1cf-5733c32ce9csi6568699a12.467.2024.05.14.17.00.33 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 May 2024 17:00:33 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-179272-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=AnX3SWAP; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-179272-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-179272-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by am.mirrors.kernel.org (Postfix) with ESMTPS id 0344E1F21E61 for ; Wed, 15 May 2024 00:00:33 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 1F5F241C6A; Wed, 15 May 2024 00:00:26 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="AnX3SWAP" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 3D5E114293; Wed, 15 May 2024 00:00:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715731225; cv=none; b=P24KLDQX7MNpXnypgNhLApQIpBg2VMl+AHLm7MVnFgXT6mtlsrrAGCuzgHTm9+PxBb3lixFDHM8cTnhIk21eNq16f/VZZ/0ckeD9Cjnz2VVs4tcGXArrm1XoRPBlAxSMdygGRFG/lnzgJTZO+OhOzawVGHDtmAES8HEjoMuvbS0= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715731225; c=relaxed/simple; bh=n99Bql3gIIzuLFoZdV/TGsEOQMKJhGqv7H0JLXS0xew=; h=Mime-Version:Content-Type:Date:Message-Id:Cc:Subject:From:To: References:In-Reply-To; b=G+pr0691QBwUHxBJLweyorz2rZrC/+6mQdD+j9BUjoFC2J0bLFO7te1C+RLzBMo1PKw0wQuGDL0iYL9qMBIoykO3MfRRrEelp3J49TGJzfT8lfgdmfSVotIei9JDn0PN+KASjQd+4RGZvQWDm+QLPMns+3Rm6SGtxcp41yySxrM= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=AnX3SWAP; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 51CBDC2BD10; Wed, 15 May 2024 00:00:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1715731224; bh=n99Bql3gIIzuLFoZdV/TGsEOQMKJhGqv7H0JLXS0xew=; h=Date:Cc:Subject:From:To:References:In-Reply-To:From; b=AnX3SWAP1Ne73UHmgXZTV/afLAPSwGkDNp6kB61zZE+pwif2Sx4t0auwqM6QhLuVy ikKZq5icIvinn/wCvD22B0iotNfkoq9RMhX+JvwbGKoeUHUjjq2h86KX1EZE7E2vhm 8BJY0WfDz9IQBVQ5LR/CcM+4/5H+mmHC7bml1DFVSMjl4DHxhD/5y+hAEqimNk60qF /y035kEW5xsgOcCwLNpn/HLgb5OZ1b/g//VADxbuKnQVcqFb3R/JcO5TOygIn5eTlp iL7btC0DbUIhNtYciA5N9Y6FDXSX0DbApLSwf4M8iMiS7PLOlgYonUNUzBxiQMf4v0 OPptqFewaXf7g== Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Wed, 15 May 2024 03:00:20 +0300 Message-Id: Cc: Subject: Re: [RFC PATCH 2/2] KEYS: implement derived keys From: "Jarkko Sakkinen" To: "Jarkko Sakkinen" , "Ignat Korchagin" , "James Bottomley" , "Mimi Zohar" , "David Howells" , "Paul Moore" , "James Morris" , , , , X-Mailer: aerc 0.17.0 References: <20240503221634.44274-1-ignat@cloudflare.com> <20240503221634.44274-3-ignat@cloudflare.com> In-Reply-To: On Wed May 15, 2024 at 2:44 AM EEST, Jarkko Sakkinen wrote: > > > > What is "key length"? Please refer the exact attribute. > > > > > > > > User id is mixed, so different users get different keys even when exe= cuting the > > > > First of all it would be more clear to just s/User id/UID/ > > > > And make obvious whether we are talking about ruid or euid and how > > this interacts with GIDs. > > > > I'll look at the code change next round if the commit message starts > > making any sense. > > Right and neither UIDs and GIDs are applicable for key derivation for > quite obvious reasons. So NAK for that too. > > You can make them point out unlimited different identities... Please drop the whole stateless system argument from the next patch set version. It looks to me that only it has been considered and we don't even have definition what it is. I think it only distorts and confuses and is totally app specific in the end of the day. This looks more like a tool for identity theft than a key in its current state. This could never ever exist in a "stateful system" and this mainline code base so would be quite irresponsible to ever take this. There's only one attribute I'm aware that you could ever possibly use for key derivation: mm_struct->exe_file. BR, Jarkko