confirmation for --export-secret-key

Frank Tobin ftobin@uiuc.edu
Mon, 20 Nov 2000 08:58:03 -0600 (CST)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Werner Koch, at 09:47 +0100 on Mon, 20 Nov 2000, wrote:

    If you have acccess to .mutrc you have alos access to
    .gnupg/secring.gpg - so who cares.

While I may not agree with the initial author's request to have a prompt
for exporting the secret key, Werner's statement here is not necessarily
correct, and implies people are only working with a 'standard' system.  
On some of my systems, I use CFS (cryptographic filesystem) to encrypt my
ssh and gnupg dirs.  These dirs are only "available" at certain times
(specifically, when I cattach them).

On a side note, it's really bad to assume the standard unix notion of
"user gets full access to all his stuff".  Through some means, the user
might restrict his standard access through means as CFS, TCFS, or a
system-level restrainer, but then can gain higher priviles by
authenticating with the system through a more stringent method (note: this
is not the same as su-ing to a different user).  True, most unixes don't
have the capability to divide up a user's capabilities yet, but that's
because unix could, ehem, use a bit of work in its capabilities model.

- -- 
Frank Tobin		http://www.uiuc.edu/~ftobin/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (FreeBSD)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjoZO/4ACgkQVv/RCiYMT6OKtwCfQFz2PLsxwMudJ/SXKrmXxWff
BboAn1U764ugPAHhMKcEArL9+ZdSKbO1
=QO+X
-----END PGP SIGNATURE-----

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org