[PATCH v5 1/4] certs: Add EFI_CERT_X509_GUID support for dbx entries

Eric Snowberg eric.snowberg at oracle.com
Fri Jan 29 01:56:16 UTC 2021


> On Jan 28, 2021, at 8:58 AM, David Howells <dhowells at redhat.com> wrote:
> 
> Nayna <nayna at linux.vnet.ibm.com> wrote:
> 
>> Thanks Eric for clarifying. I was confusing it with with the broader meaning
>> of revocation i.e. certificate revocation list. To avoid similar confusion in
>> the future, I wonder if we should call it as 'blocklist' or 'denylist' as
>> suggested in the document. This is to avoid conflicts with actual CRL support
>> if added in the future. I also wonder if we should add the clarification in
>> the patch description.
> 
> Reject-list might be better.

As far as naming goes, I have no preference.  If we can come to an agreement 
on the name, I can change it if needed. Or David, if you want to pull it into
your tree and change the naming again, I’m fine with whatever you pick.  Just
let me know how you would like to handle it.



More information about the Linux-security-module-archive mailing list