invalid gpg key revocation
kwadronaut
kwadronaut at aktivix.org
Wed Mar 7 10:21:46 CET 2012
On 06/03/12 19:59, auto15963931 at hushmail.com wrote:
>> 4. He has left his laptop unlocked and unattended for a very
> short period
>> of time and he is using gpg-agent with a cache-ttl > 0.
>
> I do in fact use gpg-agent and a cache >0, but this machine is not
> in a workplace or public location. It is in my home, in a place
> where visitors have no access, and my family would not have been
> able to do this. My machine has considerable security. I am not
> saying it would be 100% impossible to get access, but I am saying
> that if there is a possibility, I am not aware of it and I need to
> be so that I can prevent it recurrence. I do believe that there is
> another more plausible explanation.
Never underestimate family, friends, neighbors and above all: pets! I've
witnessed the combination of toddler + cat writing and sending encrypted
and signed garbage to an ex-partner.
>> Maybe gpg shouldn't use the cached signing passphrase (or any
> cached
>> passphrase) for generating a revocation certificate.
>
> This does sound like a reasonable consideration, in my opinion. At
> least, I would like to have that option configurable.
That's like a pretty bad idea. A cached passphrase could be used for a
thousand different things which are more nasty as a revocation. If you
don't like that: don't let it be cached. That's already configurable.
More information about the Gnupg-users
mailing list