code review: checking {key,modulo,prime} length in KcF
Darren J Moffat
darrenm at opensolaris.org
Thu Apr 23 02:02:56 PDT 2009
Vladimir Kotal wrote:
> Darren J Moffat wrote:
>
> <snip>
>
>> I feel quite strongly that not doing the checks in metaslot is
>> actually wrong and isn't fixing the root cause of the problem. Having
>> the check in metaslot is necessary to avoid the same problem across
>> multiple providers plugged into userland (eg, softtoken vs smartcard
>> vs tpm vs kernel).
>
> No one is disputing that (again, see CR 6266218) so I am not sure what
> is the problem. Maybe I was not specific enough in the first mail which
> was talking about addressing the "first part" ?
I missed that. I think the userland part in metaslot is more important
to address though if we actually want to fix the root cause.
--
Darren J Moffat
More information about the crypto-discuss
mailing list