Simon Josefsson jas@extundo.com
Sat, 25 Jan 2003 21:19:52 +0100

Werner Koch <wk@gnupg.org> writes:

>> If not, I fear that making applications setuid in order for secure
>> memory to be available creates more security problems than it solves.
> In general I think this secure memory is not really required

My sentiments exactly.  People worried about the attack model can fix
their OS to never leave deallocated memory around.  It should be more
reliable than auditing all code to make sure it never stores (possibly
derived) secrets in ordinary memory.

> and operations with sensitive data should better be handled by a
> dedicated process, like gpg-agent.

Can the gpg-agent, despite its name, be used by non-gpg applications
too?  Offering to handle all user interactions within my library (via
gpg-agent) instead of bothering the application to implement similar
functionality would be useful.