SSH generic socket forwarding for gpg-agent

Doug Barton dougb at dougbarton.email
Mon Feb 16 08:50:15 CET 2015


On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote:
> On Sun 2015-02-15 16:06:05 -0500, NdK wrote:
>> Il 13/02/2015 23:23, Daniel Kahn Gillmor ha scritto:
>>
>>> The traditional argument against this sort of feature is that someone
>>> with control over your local socket would most likely have control over
>>> your graphical environment, and therefore could dismiss or hide any
>>> prompt that comes up (so the prompting is a false sense of security).
>> Who told, not so long ago, that if the attacker have control of the
>> machine you're using you've already lost?
>> The machine from where one is originating the ssh connection have to be
>> quite trusted. Else you need a smartcard with out-of-band authorization
>> for every operation.
>
> Yes, of course.  But the remote machine you're connecting *to* (and
> forwarding your agent to) is outside of that trust boundary.
>
> In situations where you want to make sure that you know (and approve of)
> the use of the agent by the remote machine, you'd like a prompt to
> appear within your (local, trusted) environment.

agent forwarding is off by default, and has to be enabled either on the 
command line, or in a config file. Why is further user interaction on 
this point necessary/desirable?

Doug




More information about the Gnupg-users mailing list