Re: Proposal: Remove MD5 / SHA1 support from veriexec

To: Sevan Janiyan <venture37%geeklan.co.uk@localhost>
Subject: Re: Proposal: Remove MD5 / SHA1 support from veriexec
From: Martin Husemann <martin%duskware.de@localhost>
Date: Tue, 22 Aug 2017 07:47:17 +0200

On Tue, Aug 22, 2017 at 12:12:19AM +0100, Sevan Janiyan wrote:
> Hello,
> As a two part process, I propose we remove the ability to generate
> signatures using SHA1/MD5 with veriexecgen as a part of NetBSD 8.
> Then in HEAD for NetBSD 9, we remove support for these hashes from the
> remaining components & kernel configuration files.

Removing support to generate these hash types in veriexecgen sounds fine.

Isn't that enough?

If I want to test boot a new kernel on an old installation, I should
not be forced to regen all hashes (but maybe I misunderstood how it works).

Martin

Follow-Ups:
- Re: Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Brett Lymn

References:
- Proposal: Remove MD5 / SHA1 support from veriexec
  - From: Sevan Janiyan

Prev by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Date: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Previous by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Next by Thread: Re: Proposal: Remove MD5 / SHA1 support from veriexec
Indexes:

Home | Main Index | Thread Index | Old Index