Keeping (some information of) gpg --card-status private

Uri Blumenthal uri at mit.edu
Fri Jul 27 19:48:24 CEST 2018


In my opinion GnuPG should remain as is wrt. the behavior you complain about. This is the correct expected behavior, and it's mirroring what other standards (e.g., CAC and PIV) do.

And I for one don't find it unfortunate - I'm happy that it works the way it does. I'm interested in keeping this part of the spec frozen.

Sent from my test iPhone

> On Jul 27, 2018, at 13:13, Georg Faerber <georg at riseup.net> wrote:
> 
> Hi Achim, all,
> 
>> On 18-07-27 13:02:42, Achim Pietig wrote:
>> most information like key-IDs, fingerprints etc. are set to READ
>> ALWAYS in the card specification - this information is also available
>> in GnuPG (e. g. --list-keys) without any protection.
> 
> Alright.
> 
> Regarding your second point: Yeah, but, for example, imagine a pc using
> LUKS-encrypted storage: In case the device is turned off, this
> information is not revealed.
> 
>> Werner and I defined these policies 15 years ago and no one had any
>> probs with it up to now ;)
> 
> I see, thanks, even if this is a bit unfortunate.
> 
>> All implementations that are in compliance with the card specification
>> have the same behaviour. Any change will result in changes for GnuPG
>> and other software that works with the card too.
> 
> Any other people out there with an opinion regarding this? Any interest
> in changing the spec (to begin with)?
> 
> Cheers,
> Georg