On 06/03/12 19:59, auto15963...@hushmail.com wrote:
>> 4. He has left his laptop unlocked and unattended for a very short period
>> of time and he is using gpg-agent with a cache-ttl > 0.
>
> I do in fact use gpg-agent and a cache >0, but this machine is not
> in a workplace or public location. It is in my home, in a place
> where visitors have no access, and my family would not have been
> able to do this. My machine has considerable security. I am not
> saying it would be 100% impossible to get access, but I am saying
> that if there is a possibility, I am not aware of it and I need to
> be so that I can prevent its recurrence. I do believe that there is
> another more plausible explanation.

Never underestimate family, friends, neighbors and above all: pets! I've witnessed the combination of toddler + cat writing and sending encrypted and signed garbage to an ex-partner.

>> Maybe gpg shouldn't use the cached signing passphrase (or any cached
>> passphrase) for generating a revocation certificate.
>
> This does sound like a reasonable consideration, in my opinion. At
> least, I would like to have that option configurable.

That's like a pretty bad idea. A cached passphrase could be used for a thousand different things which are more nasty than a revocation. If you don't like that: don't let it be cached. That's already configurable.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
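
The reply's point that passphrase caching is already configurable, as an added example that is not part of the original message: a shell check that reads a gpg-agent.conf and reports whether caching is in effect. The option names and the 600 s / 7200 s defaults are gpg-agent's documented ones; the function names and sample files are constructed, and treating the last occurrence of an option as the effective one is an assumption.

```shell
#!/bin/sh
# Added example: audit a gpg-agent.conf for passphrase caching.
# Function names and sample files are constructed for illustration.

# Print the numeric value of OPTION in FILE, or FALLBACK when it is unset.
# Comment lines are skipped; the last occurrence is taken (assumption).
agent_opt() {  # usage: agent_opt FILE OPTION FALLBACK
    awk -v opt="$2" -v val="$3" '
        $1 ~ /^#/ { next }
        $1 == opt && $2 ~ /^[0-9]+$/ { val = $2 }
        END { print val }' "$1"
}

# Summarise the caching behaviour FILE asks for.
cache_status() {  # usage: cache_status FILE
    ttl=$(agent_opt "$1" default-cache-ttl 600)   # documented default: 600 s
    max=$(agent_opt "$1" max-cache-ttl 7200)      # documented default: 7200 s
    if [ "$ttl" -eq 0 ]; then
        # A default TTL of 0 means new passphrases are not cached.
        echo "disabled"
        return
    fi
    status="enabled ttl=$ttl max=$max"
    # ignore-cache-for-signing makes the agent bypass the cache when signing.
    if grep -Eq '^[[:space:]]*ignore-cache-for-signing([[:space:]]|$)' "$1"; then
        status="$status signing-bypassed"
    fi
    echo "$status"
}

# Constructed sample configurations (not taken from the thread).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed: caching on, signing always prompts' \
    'default-cache-ttl 300' 'ignore-cache-for-signing' > "$demo_dir/cached.conf"
printf '%s\n' '# constructed: caching off' \
    'default-cache-ttl 0' 'max-cache-ttl 0' > "$demo_dir/nocache.conf"
: > "$demo_dir/empty.conf"    # no options set: agent defaults apply

for f in cached nocache empty; do
    printf '%s: %s\n' "$f" "$(cache_status "$demo_dir/$f.conf")"
done
```

To check a real setup, point `cache_status` at `~/.gnupg/gpg-agent.conf`; a running agent only picks up changes after it reloads its configuration.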