On Sun, May 4, 2025 at 7:25 PM KP Singh <kpsingh@xxxxxxxxxx> wrote: > On Sun, May 4, 2025 at 7:36 PM Paul Moore <paul@xxxxxxxxxxxxxx> wrote: > > On Fri, May 2, 2025 at 5:00 PM KP Singh <kpsingh@xxxxxxxxxx> wrote: ... > > > ... here's how we think it should be done: > > > > > > * The core signing logic and the tooling stays in BPF, something that the users > > > are already using. No new tooling. > > > > I think we need a more detailed explanation of this approach on-list. > > There has been a lot of vague guidance on BPF signature validation > > from the BPF community which I believe has partly led us into the > > situation we are in now. If you are going to require yet another > > approach, I think we all need to see a few paragraphs on-list > > outlining the basic design. > > Definitely, happy to share design / code. At this point I think a quick paragraph or two on how you believe the design should work would be a good start, I don't think code is necessary unless you happen to already have something written. -- paul-moore.com
