On Mon, May 21, 2007 at 01:44:23PM +1200, Peter Gutmann wrote:
> >Ignoring special-purpose hardware, does anyone have thoughts on what the
> >requirements for a kernel-level key management subsystem should be?
>
> Yes, but first you'd have to tell me what you're trying to do.

Protect keys in kernel land rather than userland.

Allows for things like e.g.

1) marking memory unpageable (avoiding swap hazard)
2) relocating the data to different physical pages to prevent burn-in
3) secure wiping
4) providing a common system for storing and protecting them rather than doing it in each individual application
5) allowing for them to be shared securely among processes (like ssh-agent and gpg-agent)
6) provide protection against userland snooping programs (gdb anyone?)

etc.
-- 
<URL:http://www.subspacefield.org/~travis/>
Eff the ineffable!
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
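
A userland approximation of items 1, 3 and 6 from the list in the message above, as an added example that is not part of the original message. It assumes Linux with glibc; `struct keybuf`, the `keybuf_*` functions and `harden_process` are hypothetical names, and items 2, 4 and 5 are not covered.

```c
#define _GNU_SOURCE
#include <string.h>
#include <sys/mman.h>
#include <sys/prctl.h>
#include <unistd.h>

/* Hypothetical holder for one secret; all names here are illustrative. */
struct keybuf {
    unsigned char *data; /* private anonymous mapping, whole pages */
    size_t len;          /* mapping length in bytes */
    int locked;          /* 1 if mlock() succeeded, 0 if RLIMIT_MEMLOCK refused */
};

/* Item 6: mark the process non-dumpable so unprivileged ptrace attach (gdb) fails. */
int harden_process(void) { return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); }

/* Item 1: allocate whole pages for a key and pin them in RAM (no swap-out). */
int keybuf_alloc(struct keybuf *k, size_t want) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    k->len = (want + page - 1) / page * page;
    k->data = mmap(NULL, k->len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (k->data == MAP_FAILED) { k->data = NULL; return -1; }
    k->locked = (mlock(k->data, k->len) == 0);
    madvise(k->data, k->len, MADV_DONTDUMP); /* keep key pages out of core dumps */
    return 0;
}

/* Item 3: write through a volatile pointer so the stores are not optimised away. */
void keybuf_wipe(struct keybuf *k) {
    volatile unsigned char *p = k->data;
    for (size_t i = 0; i < k->len; i++) p[i] = 0;
}

/* Wipe first, then unlock and unmap; after munmap the bytes are out of reach. */
void keybuf_free(struct keybuf *k) {
    if (!k->data) return;
    keybuf_wipe(k);
    if (k->locked) munlock(k->data, k->len);
    munmap(k->data, k->len);
    k->data = NULL; k->len = 0; k->locked = 0;
}

int main(void) {
    struct keybuf k;
    if (harden_process() != 0 || keybuf_alloc(&k, 32) != 0) return 1;
    memset(k.data, 0xA5, 32); /* constructed stand-in for real key bytes */
    keybuf_free(&k);
    return 0;
}
```

Callers should check `locked` after allocation: a low `RLIMIT_MEMLOCK` makes `mlock()` fail, and the key would then sit in pageable memory.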
