
List:       qubes-devel
Subject:    Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to
From:       Elias Mårtenson <lokedhs () gmail ! com>
Date:       2017-11-27 10:29:23
Message-ID: db84bdfd-48e8-44f9-9645-1bf0a8a5d761 () googlegroups ! com


On Saturday, 25 November 2017 09:03:42 UTC+8, Leo Gaspard wrote:
> On 11/24/2017 08:27 AM, Elias Mårtenson wrote:
> > The attack scenario you describe just doesn't seem as serious to me as
> > it does to you. This
> > scenario would involve a rogue application calling qubes-gpg-client to
> > attempt to sign some
> > data, and somehow manage to trick me into accepting the request.
> 
> I believe the threat Jean-Philippe is describing is something like:
> * You use an untrusted VM to perform some GPG operation
> * However it was infected and something was waiting for you to accept this
> * This something can now perform any GPG operation they want during
> 300s using your secret keys

Yes. I don't think we're in disagreement about the threat model.
Even in the case you're describing I would still know that something
is signing things on my behalf as every signing operation will display
a notification.

That said, the 300s unlock time isn't particularly beneficial to me, and
I will probably set it to something significantly lower, like 1 second
or even 0.

Regards,
Elias
