Future OpenPGP Support in Thunderbird
Robert J. Hansen
rjh at sixdemonbag.org
Mon Oct 21 21:11:50 CEST 2019
>> GnuPG has steadfastly refused to create an OpenPGP library programmers
>> can use directly,
>
> I was under the impression that gpgme is just such a library.
It is not. Under the hood, GPGME works by launching an entirely new
process and directing it via interprocess communication.
Hopefully this puts the rest of my paragraph in perspective:
"... on the grounds that security is improved by adding
process separation between the application process and the GnuPG
process. There's a lot to be said for this argument. There's a lot to
be said for the counterargument: that the additional complexity involved
in communicating across a process boundary turns it into a false savings."
Regardless of whether you interface with GnuPG directly (as Enigmail
does) or through a library (as GPGME-using applications do), you're
still running GnuPG in a separate process and communicating across a
process boundary.
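
Added example, not part of the original message and not code from GnuPG, GPGME or Enigmail: what directing GnuPG across a process boundary involves for a caller that verifies a detached signature. The caller builds a gpg command line, reads the machine-readable status lines from --status-fd, and applies its own acceptance policy. The function names, that policy and the sample outputs are assumptions constructed for the illustration.

```python
import subprocess

STATUS_PREFIX = "[GNUPG:] "
# Status keywords that must never coexist with an accepted signature.
REJECT = {"BADSIG", "ERRSIG", "NO_PUBKEY", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def gpg_verify_argv(sig_path, data_path):
    # --status-fd 1 sends status lines to stdout; human-readable text goes to stderr.
    return ["gpg", "--batch", "--no-tty", "--status-fd", "1",
            "--verify", sig_path, data_path]

def parse_status(output):
    """Return (keyword, args) pairs for lines that begin with the status prefix."""
    events = []
    for line in output.splitlines():
        if line.startswith(STATUS_PREFIX):
            parts = line[len(STATUS_PREFIX):].split(" ")
            events.append((parts[0], parts[1:]))
    return events

def signature_verdict(output):
    """Return the signing key fingerprint, or None if the signature is not accepted."""
    events = parse_status(output)
    if any(keyword in REJECT for keyword, _ in events):
        return None
    valid = [args for keyword, args in events if keyword == "VALIDSIG"]
    # Exactly one VALIDSIG with a fingerprint argument; anything else is refused.
    if len(valid) != 1 or not valid[0]:
        return None
    return valid[0][0]

def verify(sig_path, data_path):
    # Every call crosses the process boundary: spawn gpg, then parse what it reports.
    proc = subprocess.run(gpg_verify_argv(sig_path, data_path),
                          capture_output=True, text=True)
    return signature_verdict(proc.stdout)

# Constructed sample outputs (not captured from a real run).
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
GOOD_OUTPUT = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 0123456789ABCDEF Constructed User <user@example.org>\n"
    "[GNUPG:] VALIDSIG " + FPR + " 2019-10-21 1571685110 0 4 0 1 10 00 " + FPR + "\n"
)
BAD_OUTPUT = ("[GNUPG:] NEWSIG\n"
              "[GNUPG:] BADSIG 0123456789ABCDEF Constructed User <user@example.org>\n")
# Human-readable text alone is never treated as proof of a valid signature.
TEXT_ONLY_OUTPUT = 'gpg: Good signature from "Constructed User <user@example.org>"\n'
```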