The loopback pinentry
NIIBE Yutaka
gniibe at fsij.org
Thu Apr 21 01:25:53 CEST 2016
On 04/20/2016 11:26 PM, Werner Koch wrote:
> I propose to make --allow-loopback-pinentry the default and add an
> option --no-allow-loopback-pinentry, so that it is possible to disallow
> the use of the loopback pinentry. This is a simple change but some
> advanced use cases of GnuPG would benefit from this (e.g. Mailpile).
Are there any things (options and the protocol) for gpg-agent to
control/record the use of loopback mode for forwarded requests?
If so, I think that change of the default would be OK.
My concern is that:
The change of the default makes the remote access of private keys
under gpg-agent rather easier.
We need to setup things carefully (more) when we enable forwarding.
and/or
Modification of the protocol to distinguish remote client
(forwarded connection) would be encouraged.
Adding options for remote client handling would be needed?, perhaps.
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160421/b0a67756/attachment.sig>
More information about the Gnupg-devel
mailing list