[PATCH GnuPG] sockets

Neal H. Walfield neal at walfield.org
Tue Sep 20 21:25:00 CEST 2016


On Tue, 20 Sep 2016 21:02:33 +0200,
Werner Koch wrote:
> On Tue, 20 Sep 2016 16:19, justus at g10code.com said:
> > The "extra" socket allows merely a subset of the operation that the
> > "normal" socket allows, hence the allowed operations are restricted to
> 
> I view it the other way: The standard socket allows operations which are
> not necessary for everyday use.  The --extra-socket allows the
> commonly required operations.  "restricted" is the wrong term.  I would
> love to use "remote" but that would be a silly name for a local socket.
> 
> After all, I only want to have a shorter name than what you proposed.
> 
> > that subset.  How is "additional" a better name than "restricted"?  It
> 
> Because that word as well as "extra" has a positive connotation -
> meaning it is an actual useful thing.  Who wants to use something
> restricted ;-)

I strongly disagree with this.  I want my applications to be
restricted.  My solitaire program shouldn't be able to access any of
my files by default or the network.

I propose that we view this as an object capability system in which
GnuPG is an object and the different sockets are capabilities with
different authority.  The main socket provides full authority.  Other
sockets are attenuations thereof.  Correspondingly, we could do
something like this:

  # Full authority
  socket S.gpg-agent

  # Exclude the signing authority.
  socket -sign S.gpg-agent-nosign

etc.

This has the nice advantage that it is in theory possible to have
multiple sockets with similar authority.  Thus, we could even add some
session state so that an application, such as parcimonie, could, say,
force the use of a particular key server and that change would only
apply to that session.

Thoughts?

:) Neal
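The capability model proposed in the message above, as an added example that is not part of the thread and not GnuPG code: a toy agent whose sockets are attenuations of one full-authority socket, a parser for the proposed `socket [-op ...] NAME` lines (interpreting each `-op` flag as removing that operation, which is an assumption about the sketched syntax), and per-session state (here a keyserver override) that does not leak between sessions. The operation names, socket names and config text are constructed for the example.

```python
"""Toy model of attenuated agent sockets (constructed example, not GnuPG code)."""
from dataclasses import dataclass
from typing import Optional

# Operations the hypothetical agent understands; the main socket grants all of them.
FULL_AUTHORITY = frozenset({"sign", "decrypt", "export-secret", "import", "keyinfo"})


class NotPermitted(Exception):
    """Raised when a command is sent over a socket that does not carry that authority."""


@dataclass(frozen=True)
class Socket:
    name: str
    allowed: frozenset  # always a subset of FULL_AUTHORITY

    def attenuate(self, name: str, *excluded: str) -> "Socket":
        """Derive a weaker socket: authority can only shrink, never grow."""
        return Socket(name, self.allowed - frozenset(excluded))


def parse_socket_config(lines):
    """Parse 'socket [-op ...] NAME' lines (the syntax sketched in the message;
    treating '-op' as 'exclude op' is this example's assumption).
    Blank lines and '#' comments are ignored. Returns {name: Socket}."""
    sockets = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] != "socket" or len(parts) < 2:
            raise ValueError(f"bad directive: {line!r}")
        name = parts[-1]
        excluded = []
        for flag in parts[1:-1]:
            if not flag.startswith("-"):
                raise ValueError(f"bad flag {flag!r} in {line!r}")
            op = flag[1:]
            if op not in FULL_AUTHORITY:
                raise ValueError(f"unknown operation {op!r} in {line!r}")
            excluded.append(op)
        # Every configured socket is an attenuation of the full-authority socket.
        sockets[name] = Socket(name, FULL_AUTHORITY).attenuate(name, *excluded)
    return sockets


@dataclass
class Session:
    """One client connection; session state lives here and nowhere else."""
    socket: Socket
    keyserver: Optional[str] = None  # per-session override, not global agent state

    def handle(self, command: str, arg: Optional[str] = None) -> str:
        if command == "keyserver":          # session-scoped setting, always allowed
            self.keyserver = arg
            return f"session keyserver set to {arg}"
        if command not in FULL_AUTHORITY:
            raise ValueError(f"unknown command {command!r}")
        if command not in self.socket.allowed:
            raise NotPermitted(f"{command!r} not available on {self.socket.name}")
        return f"{command} ok via {self.socket.name} (keyserver={self.keyserver})"


# Constructed configuration in the proposed syntax (hypothetical socket names).
CONFIG = """
# Full authority
socket S.gpg-agent

# Exclude the signing authority.
socket -sign S.gpg-agent-nosign

# Something like the "extra" socket: no secret-key export or key import.
socket -export-secret -import S.gpg-agent-extra
"""


def demo():
    """Exercise attenuation and session isolation; returns results for checking."""
    sockets = parse_socket_config(CONFIG.splitlines())
    full = Session(sockets["S.gpg-agent"])
    nosign_a = Session(sockets["S.gpg-agent-nosign"])
    nosign_b = Session(sockets["S.gpg-agent-nosign"])  # same socket, separate session
    nosign_a.handle("keyserver", "hkps://keys.example")  # constructed value
    try:
        nosign_a.handle("sign")
        sign_refused = False
    except NotPermitted:
        sign_refused = True
    return {
        "full_sign": full.handle("sign"),
        "nosign_sign_refused": sign_refused,
        "nosign_decrypt": nosign_a.handle("decrypt"),
        "session_b_keyserver": nosign_b.keyserver,  # untouched by session a
        "extra_allowed": sorted(sockets["S.gpg-agent-extra"].allowed),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The check that matters for least privilege is in `Session.handle`: the decision is made against the socket the client actually connected on, so a client holding only the attenuated socket cannot reach the excluded operation, and `attenuate` can only remove authority, never add it.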


