List: gnupg-users
Subject: Re: invalid gpg key revocation
From: kwadronaut <kwadronaut () aktivix ! org>
Date: 2012-03-07 9:21:46
Message-ID: 4F5728AA.8060300 () aktivix ! org
On 06/03/12 19:59, auto15963931@hushmail.com wrote:
>> 4. He has left his laptop unlocked and unattended for a very short
>> period of time and he is using gpg-agent with a cache-ttl > 0.
>
> I do in fact use gpg-agent and a cache >0, but this machine is not
> in a workplace or public location. It is in my home, in a place
> where visitors have no access, and my family would not have been
> able to do this. My machine has considerable security. I am not
> saying it would be 100% impossible to get access, but I am saying
> that if there is a possibility, I am not aware of it and I need to
> be so that I can prevent its recurrence. I do believe that there is
> another more plausible explanation.
Never underestimate family, friends, neighbors and above all: pets! I've
witnessed the combination of toddler + cat writing and sending encrypted
and signed garbage to an ex-partner.
>> Maybe gpg shouldn't use the cached signing passphrase (or any cached
>> passphrase) for generating a revocation certificate.
>
> This does sound like a reasonable consideration, in my opinion. At
> least, I would like to have that option configurable.
That's like a pretty bad idea. A cached passphrase could be used for a
thousand different things which are more nasty than a revocation. If you
don't like that: don't let it be cached. That's already configurable.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users