SSH generic socket forwarding for gpg-agent

NdK ndk.clanbo at gmail.com
Sun Feb 15 22:06:05 CET 2015


Il 13/02/2015 23:23, Daniel Kahn Gillmor ha scritto:

> The traditional argument against this sort of feature is that someone
> with control over your local socket would most likely have control over
> your graphical environment, and therefore could dismiss or hide any
> prompt that comes up (so the prompting is a false sense of security).
Who told, not so long ago, that if the attacker have control of the
machine you're using you've already lost?
The machine from where one is originating the ssh connection have to be
quite trusted. Else you need a smartcard with out-of-band authorization
for every operation.

BYtE,
 Diego




More information about the Gnupg-users mailing list