Return-path: Received: from lan.nucleusys.com ([92.247.61.126]:43948 "EHLO zztop.nucleusys.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S964804AbbEUQ7F (ORCPT ); Thu, 21 May 2015 12:59:05 -0400 Date: Thu, 21 May 2015 19:58:56 +0300 From: Petko Manolov To: Andy Lutomirski Cc: David Howells , "Luis R. Rodriguez" , Andy Lutomirski , LSM List , James Morris , "Serge E. Hallyn" , "linux-kernel@vger.kernel.org" , Linux Wireless List , Kyle McMartin , David Woodhouse , Seth Forshee , Greg Kroah-Hartman , Joey Lee , Rusty Russell , Mimi Zohar , Konstantin Ryabitsev , Michal Marek , Abelardo Ricart III , Sedat Dilek , keyrings@linux-nfs.org, Borislav Petkov , Jiri Kosina , Linus Torvalds Subject: Re: [RFD] linux-firmware key arrangement for firmware signing Message-ID: <20150521165856.GJ18164@localhost> (sfid-20150521_185913_844545_367B93D7) References: <20150519221128.GP23057@wotan.suse.de> <20150519200232.GM23057@wotan.suse.de> <555BA438.2070802@kernel.org> <9567.1432223509@warthog.procyon.org.uk> <20150521164313.GH18164@localhost> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: Sender: linux-wireless-owner@vger.kernel.org List-ID: On 15-05-21 09:48:10, Andy Lutomirski wrote: > On Thu, May 21, 2015 at 9:43 AM, Petko Manolov wrote: > > On 15-05-21 16:51:49, David Howells wrote: > >> > >> I do have patches to parse PGP key data and add the public keys found therein > >> onto the kernel keyring, but that would mean adding an extra key data parser. > > > > PGP is widely used so i would gladly have one more parser in the kernel. > > > PGP is also a crappy format: > > http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html > > and using PGP means we're probably stuck with PKCS#1 v1.5, which should have > been phased out worldwide many years ago. > > In any event, I don't see why PGP compatibility requires any sort of > OpenPGP parser in the kernel. Just because GnuPG goes out of its way > to be incompatible with anything other than the OpenPGP ecosystem > doesn't mean that you can't relatively straightforwardly generate raw > PKCS#1 signatures from an OpenPGP key. > Oh, i do agree with you in terms of quality of both formats. However, this is what is commonly used these days and not having these parsers in the kernel would require us to write tools for conversion to saner format. Which does not exist for the moment. Once we have those in place it would be all the same to me. Petko