Security of the gpg private keyring?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Mar 1 03:08:48 CET 2011
> There are probably many more issues like that tucked away once you start
> to think seriously about implementing the feature properly.
There's a lot of stuff in the literature on this subject. This sort of behavior is usually called ORCON, for "ORiginator CONtrolled" -- referring usually to intelligence so sensitive the source controls who sees the intel and how it is used.
The first paper I can find on this subject belongs to Graubert, "On the Need for a Third Form of Access Control," _Proceedings of the 12th National Computer Security Conference_. It's worth reading.
More information about the Gnupg-users