The loopback pinentry

Daniel Kahn Gillmor dkg at
Wed Apr 20 18:33:52 CEST 2016

Hi Werner--

On Wed 2016-04-20 10:26:18 -0400, Werner Koch wrote:

> I propose to make --allow-loopback-pinentry the default and add an
> option --no-allow-loopback-pinentry, so that it is possible to disallow
> the use of the loopback pinentry.  This is a simple change but some
> advanced use cases of GnuPG would benefit from this (e.g. Mailpile).

It seems like it's pretty easy for advanced users like Mailpile to set
allow-loopback-pinentry directly for their running gpg-agent (if they
need to do so) so that's not a good argument for changing the defaults.

Is there a writeup of the expected threat model for gpg-agent?  if not,
it would be worth writing down a few paragraphs to help clarify
decisions like this.


More information about the Gnupg-devel mailing list