A last word on --passphrase-fd

Frank Tobin ftobin@uiuc.edu
Fri, 21 Jan 2000 16:23:06 -0600 (CST) 

Werner Koch, at 10:52 on Fri, 21 Jan 2000, wrote:


> Doing tricky stuff to feed the passphrase to gpg is futile and only

> makes the code more complex and error prone.


What I think some are wanting to say is that they don't only want 'tricky'
ways to handle passing the passphrase to GnuPG; some languages don't have
all the niceties of finding the numerical fd, and then being able to pass
it down to GnuPG via a fd.

I'm not saying that passphrase-fd is bad.  Rather, I think it's a very
good interface given the non-anonymity design of most unixes.  However, I
just don't think that there is anything inherently wrong with passing it
in via an argument; it is only a problem if other users on the system can
see the argument list of other users's processes.  And this should not be
taken for granted, just because most people use Linux where this is
possible.

Therefore, I think there is no reason _not_ to allow the information to
passed in as an argument.  It's the programmer's responsibility to handle
the situation correctly for his environment.  I feel that making this
decision for him is a bad thing.  There's More Than One Way To Do It
(TMTOWTDI - Perl Motto).


> There are two scenarios I can see for that --passphrase-fd makes sense:


I could create other scenarios.  For example, consider an example where
the daemon process only has access to the secrets (passphrase and secret
key)  some of the time.  What do I mean?  Well, consider a scenario where
the passphrase file is mounted over a networked filesystem.  The host only
allows clients to connect at certain times; the reasons for this could be
several, including easier control, monitoring, analysis of what is going
on.  This also allows for separation of secrets.  The secret key's
passphrase file is mounted at certain times, allowing the daemon access to
it.  The same could be done with the secret keyfile.  This separation of
secrets could actually be useful in somesituation.  I'm not saying this
system is currently feasible or secure; I'm only using it to demonstrate
that that there definitely could be situations that you don't think of.  
Once again, There's More Than One Way To Do It.


-- 
Frank Tobin		http://www.neverending.org/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed."  Myst: The Book of Atrus

OpenPGP:  4F86 3BBB A816 6F0A 340F  6003 56FF D10A 260C 4FA3