Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: Werner Koch <wk@gnupg.org>, 840669@bugs.debian.org, debian-devel@lists.debian.org, Johannes Schauer <josch@debian.org>
Subject: Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 18 Oct 2016 12:44:43 +0100
Message-id: <[🔎] 22534.2859.738338.570500@chiark.greenend.org.uk>
In-reply-to: <[🔎] 87twcagtw1.fsf@alice.fifthhorseman.net>
References: <87wpjw7b1s.fsf@alice.fifthhorseman.net> <147033080709.15692.9474725036138934700@localhost> <22436.47622.295174.844865@chiark.greenend.org.uk> <[🔎] 22529.4882.481237.860125@chiark.greenend.org.uk> <[🔎] 87insuwxgv.fsf@wheatstone.g10code.de> <[🔎] 87wphapvav.fsf@alice.fifthhorseman.net> <[🔎] 22530.18809.243728.259902@chiark.greenend.org.uk> <[🔎] 87twcagtw1.fsf@alice.fifthhorseman.net>

Daniel Kahn Gillmor writes ("Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes"):
> On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
> > 1. gnupg1-compatible authorisation lifetime:
> 
> I believe this is a deliberate change in semantics from the upstream
> GnuPG project.  In particular, authorization for the use of secret key
> material is now the responsibility of the gpg-agent.  This is an overall
> win, because it means that no process ever gets access to the secret key
> in memory *except* for the gpg-agent.

I think these properties about key material handling are good, but
this is not the same question as the authorisation lifetime.  You are
conflating two separate things.

>  The gpg-agent is where these decisions are made.

Actually, though, it just acts as an oracle, so it does not make any
decisions.

> If you want an agent that never caches any passphrase (and therefore has
> a one-use-per-authorization), this is an easy thing to do by adjusting
> max-cache-ttl in gpg-agent.conf.  you can also set this dynamically with
> gpgconf (see the --runtime option in gpgconf(1)).

It sounds like this is very close to what I want for the authorisation
lifetime qeustion (provided that it isn't racy).  Why is this not the
default for command line users without a session-provided agent ?

> Thanks for your engagement on this issue, Ian.

Thank you for being so tolerant of me being argumentative !

Regards,
Ian.

-- 
Ian Jackson <ijackson@chiark.greenend.org.uk>   These opinions are my own.

If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.

Reply to:

Follow-Ups:
- Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

References:
- Beware of leftover gpg-agent processes (was: Re: Changes for GnuPG in debian)
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: [pkg-gnupg-maint] Bug#840669: Beware of leftover gpg-agent processes
  - From: Werner Koch <wk@gnupg.org>
- Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>

Prev by Date: Bug#820036: No bug mentioning a Debian KEK and booting use it.
Next by Date: Re: Package name conflict question
Previous by thread: Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
Next by thread: Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
Index(es):
- Date
- Thread