Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes
Daniel Kahn Gillmor writes ("Re: [pkg-gnupg-maint] Bug#840669: Bug#840669: Beware of leftover gpg-agent processes"):
> On Sat 2016-10-15 11:21:29 -0400, Ian Jackson wrote:
> > 1. gnupg1-compatible authorisation lifetime:
> I believe this is a deliberate change in semantics from the upstream
> GnuPG project. In particular, authorization for the use of secret key
> material is now the responsibility of the gpg-agent. This is an overall
> win, because it means that no process ever gets access to the secret key
> in memory *except* for the gpg-agent.
I think these properties about key material handling are good, but
this is not the same question as the authorisation lifetime. You are
conflating two separate things.
> The gpg-agent is where these decisions are made.
Actually, though, it just acts as an oracle, so it does not make any
> If you want an agent that never caches any passphrase (and therefore has
> a one-use-per-authorization), this is an easy thing to do by adjusting
> max-cache-ttl in gpg-agent.conf. you can also set this dynamically with
> gpgconf (see the --runtime option in gpgconf(1)).
It sounds like this is very close to what I want for the authorisation
lifetime qeustion (provided that it isn't racy). Why is this not the
default for command line users without a session-provided agent ?
> Thanks for your engagement on this issue, Ian.
Thank you for being so tolerant of me being argumentative !
Ian Jackson <email@example.com> These opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.