Security of the gpg private keyring?

Robert J. Hansen rjh at sixdemonbag.org
Tue Mar 1 03:08:48 CET 2011


> There are probably many more issues like that tucked away once you start
> to think seriously about implementing the feature properly.

There's a lot of stuff in the literature on this subject.  This sort of behavior is usually called ORCON, for "ORiginator CONtrolled" -- referring usually to intelligence so sensitive the source controls who sees the intel and how it is used.

The first paper I can find on this subject belongs to Graubert, "On the Need for a Third Form of Access Control," _Proceedings of the 12th National Computer Security Conference_.  It's worth reading.




More information about the Gnupg-users mailing list