On 27/06/14 20:44, Mimi Zohar wrote: > On Fri, 2014-06-27 at 14:55 +0100, David Howells wrote: >> Mimi Zohar <zo...@linux.vnet.ibm.com> wrote: >> >>> This patch defines a new kernel parameter 'keys_ownerid' to identify >>> the owner's key which must be used for trust validation of certificates. >> "ca_keys" or "only_ca" instead, maybe? > Neither of these names reflect the concept of the machine owner or a > local key. The initial patches named it 'owner_keyid'. If kernel > parameters don't need to be prefixed with the subsystem, we could revert > the name change or call it localca_keyid. > > Mimi
I neither against any of proposals. But considering that we use those keys to verify other keys, they become ca keys. So from that point of view I think 'ca_keys' reflects functionality quite ok. localca_ prefix is may be not very relevant as builtin keys may comesfrom kernel vendor (RH, Ubuntu) and is not really local... so let's decide on 'ca_keys'? Thanks, Dmitry > -- > To unsubscribe from this list: send the line "unsubscribe > linux-security-module" in > the body of a message to majord...@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/