invalid gpg key revocation

kwadronaut kwadronaut at aktivix.org
Wed Mar 7 10:21:46 CET 2012


On 06/03/12 19:59, auto15963931 at hushmail.com wrote:
>> 4. He has left his laptop unlocked and unattended for a very 
> short period
>> of time and he is using gpg-agent with a cache-ttl > 0.
> 
> I do in fact use gpg-agent and a cache >0, but this machine is not 
> in a workplace or public location. It is in my home, in a place 
> where visitors have no access, and my family would not have been 
> able to do this.  My machine has considerable security. I am not 
> saying it would be 100% impossible to get access, but I am saying 
> that if there is a possibility, I am not aware of it and I need to 
> be so that I can prevent it recurrence.  I do believe that there is 
> another more plausible explanation.


Never underestimate family, friends, neighbors and above all: pets! I've
witnessed the combination of toddler + cat writing and sending encrypted
and signed garbage to an ex-partner.

>> Maybe gpg shouldn't use the cached signing passphrase (or any 
> cached
>> passphrase) for generating a revocation certificate.
> 
> This does sound like a reasonable consideration, in my opinion. At 
> least, I would like to have that option configurable.
That's like a pretty bad idea. A cached passphrase could be used for a
thousand different things which are more nasty as a revocation. If you
don't like that: don't let it be cached. That's already configurable.



More information about the Gnupg-users mailing list