The loopback pinentry

NIIBE Yutaka gniibe at fsij.org
Thu Apr 21 01:25:53 CEST 2016


On 04/20/2016 11:26 PM, Werner Koch wrote:
> I propose to make --allow-loopback-pinentry the default and add an
> option --no-allow-loopback-pinentry, so that it is possible to disallow
> the use of the loopback pinentry.  This is a simple change but some
> advanced use cases of GnuPG would benefit from this (e.g. Mailpile).

Are there any things (options and the protocol) for gpg-agent to
control/record the use of loopback mode for forwarded requests?

If so, I think that change of the default would be OK.

My concern is that:

    The change of the default makes the remote access of private keys
    under gpg-agent rather easier.

    We need to set up things carefully (more) when we enable forwarding.

    and/or

    Modification of the protocol to distinguish remote client
    (forwarded connection) would be encouraged.

    Adding options for remote client handling would be needed?, perhaps.