RFD: Services lockdown for security providers
Martin Balao
mbalao at redhat.com
Fri May 26 00:15:02 UTC 2023
On 5/25/23 19:54, Wei-Jun Wang wrote:
> So, the filter will look like this?
>
> SunPKCS11-Name.Signature.*,!*.Signature.*,*
>
Yes, that's right. The filter that you showed will do the following:
1) Accept Signature services provided by SunPKCS11-Name, irrespective of
the algorithm;
2) Block Signature services from all non-SunPKCS11-Name providers; and,
3) Accept anything else (including certificates validation).
More information about the security-dev
mailing list