Proposal: Remove MD5 / SHA1 support from veriexec

To: tech-security%netbsd.org@localhost
Subject: Proposal: Remove MD5 / SHA1 support from veriexec
From: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
Date: Tue, 22 Aug 2017 00:12:19 +0100

Hello,
As a two part process, I propose we remove the ability to generate
signatures using SHA1/MD5 with veriexecgen as a part of NetBSD 8.
Then in HEAD for NetBSD 9, we remove support for these hashes from the
remaining components & kernel configuration files.

Part 1:
http://www.netbsd.org/~sevan/patch-veriexecgen.txt

Part 2:
http://www.netbsd.org/~sevan/patch-veriexec-nomd5-sha1.txt

Thoughts / objections?


Sevan

Follow-Ups:
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Taylor R Campbell
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Martin Husemann
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Sevan Janiyan

Prev by Date: Re: W^X toggle button in RWX allocation
Next by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Previous by Thread: W^X toggle button in RWX allocation
Next by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Indexes:

Home | Main Index | Thread Index | Old Index