Garrett Wollman wrote:
> Since packages are already distributed with signatures over the entire
> package manifest, it would be nice if you could use the package system
> to feed this.
Yes, that's what we do in Junos.
The Junos package system relies on veriexec to verify packages and their
conte
< said:
> However, there is a definite advantage to having one signature for a
> huge number of MACs. Moreover, as I mention in the paper, the most
> feasible quantum-safe signature scheme at the present is SPHINCS, which
> has signatures about 40Kib in size. That's pretty terrible if you're
> s
Eric McCorkle wrote:
> > Any thoughts on how to validate executables which are not elf binaries,
> > such as shell scripts, python programs, etc?
>
> I hadn't really thought in depth about it, as my main initial goal is
> signed kernel/modules, but I have given it some thought...
>
> An alterna
On 10/23/2017 18:53, Simon J. Gerraty wrote:
> Eric McCorkle wrote:
>>> Any thoughts on how to validate executables which are not elf binaries,
>>> such as shell scripts, python programs, etc?
>>
>> I hadn't really thought in depth about it, as my main initial goal is
>> signed kernel/modules, but
On 10/23/2017 12:14, Ian Lepore wrote:
> Any thoughts on how to validate executables which are not elf binaries,
> such as shell scripts, python programs, etc?
I hadn't really thought in depth about it, as my main initial goal is
signed kernel/modules, but I have given it some thought...
Arguabl
On Sun, 2017-10-22 at 18:14 -0400, Eric McCorkle wrote:
> Hello everyone,
>
> The following is a write-up of my current design for a public-key trust
> system:
>
> https://www.metricspace.net/files/freebsd_trust.pdf
>
> Some of you are certainly familiar with some or all of this;
> I've discusse
Hello Eric,
On Sun, Oct 22, 2017 at 06:14:40PM -0400, Eric McCorkle wrote:
> The following is a write-up of my current design for a public-key trust
> system:
>
> https://www.metricspace.net/files/freebsd_trust.pdf
Two minor things while reading:
1. p2: from an end-user perspective, `trustctl` e
Accidentally replied to -arch only, re-replying to all lists
On 10/22/2017 18:31, Shawn Webb wrote:
> I'm curious about the rationale behind not requiring expiration of
> trusted root key material.
>
So, I'd say consider most of this written in pencil at this point (minus
the signed ELF extension;
On Sun, Oct 22, 2017 at 10:14:40PM +, Eric McCorkle wrote:
> Hello everyone,
>
> The following is a write-up of my current design for a public-key trust
> system:
>
> https://www.metricspace.net/files/freebsd_trust.pdf
>
> Some of you are certainly familiar with some or all of this;
> I've d
Hello everyone,
The following is a write-up of my current design for a public-key trust
system:
https://www.metricspace.net/files/freebsd_trust.pdf
Some of you are certainly familiar with some or all of this;
I've discussed parts of it before on -hackers and -security, and I
discussed it in grea
10 matches