[PATCH GnuPG] agent: Enable restricted, browser, and ssh socket by default.
Neal H. Walfield
neal at walfield.org
Tue Sep 20 12:23:18 CEST 2016
On Tue, 20 Sep 2016 11:51:33 +0200,
Werner Koch wrote:
> > 'restricted' on the other hand hints at why you might want to use this
> > over the standard socket. Maybe 'remote'...
>
> I recall that my first idea for the option name was --remote-socket. I
> did not name it so because it is not a remote socket but a local socket
> which is forwarded to the remote site using a separate tool (ssh).
>
> "restricted" does not describe the feature, "additional" would be better
> but that is too long; thus I still like "extra".
FWIW, one way to think of these different sockets is that they are
capabilities: they are references to an object (GnuPG) and the
reference carries the access control information (what operations are
allowed). The only way to, say, decrypt a message is to invoke the
appropriate operation on the GnuPG object, which is done via one of
the capabilities (sockets), which determines whether this operation is
allowed (the identity of the caller is not somehow checked like with
ACLs).
More information about the Gnupg-devel
mailing list