On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote:
> On Sun 2015-02-15 16:06:05 -0500, NdK wrote:
>> On 13/02/2015 23:23, Daniel Kahn Gillmor wrote:
>>> The traditional argument against this sort of feature is that someone
>>> with control over your local socket would most likely have control over
>>> your graphical environment, and therefore could dismiss or hide any
>>> prompt that comes up (so the prompting is a false sense of security).
>>
>> Who said, not so long ago, that if the attacker has control of the
>> machine you're using you've already lost?
>>
>> The machine from where one is originating the ssh connection has to be
>> quite trusted. Else you need a smartcard with out-of-band authorization
>> for every operation.
>
> Yes, of course. But the remote machine you're connecting *to* (and
> forwarding your agent to) is outside of that trust boundary.
>
> In situations where you want to make sure that you know (and approve of)
> the use of the agent by the remote machine, you'd like a prompt to
> appear within your (local, trusted) environment.

Agent forwarding is off by default, and has to be enabled either on the
command line, or in a config file. Why is further user interaction on
this point necessary/desirable?
Doug
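An added example, not part of the thread and not code from any of the posters: a small POSIX shell audit of an OpenSSH client config that reports which Host blocks enable ForwardAgent, so a defender can see where the trust boundary dkg describes is being crossed. It assumes the ssh_config keyword syntax (Host, ForwardAgent, AddKeysToAgent) and the sample config embedded below is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: find where agent forwarding is turned on in an ssh_config.
# Not from the thread; assumes OpenSSH ssh_config syntax.

# Constructed sample config (not from the thread). Forwarding is off
# globally, every key use must be confirmed locally, and forwarding is
# enabled only for one named host.
SAMPLE_CONFIG='Host *
    ForwardAgent no
    AddKeysToAgent confirm

Host bastion.example.com
    ForwardAgent yes
'

# forward_agent_hosts: read ssh_config on stdin and print the pattern of
# every Host (or Match) block whose ForwardAgent directive is "yes".
# A directive that appears before any Host line is global and printed as "*".
# Only the first pattern of a multi-pattern Host line is reported.
forward_agent_hosts() {
    awk '
        tolower($1) == "host"  { host = $2 }
        tolower($1) == "match" { host = "match:" $2 }
        tolower($1) == "forwardagent" && tolower($2) == "yes" {
            print (host == "" ? "*" : host)
        }
    '
}

# forwarding_enabled_globally: succeed (exit 0) if the config passed as $1
# enables forwarding for every host, i.e. in a "Host *" block or before
# any Host line.
forwarding_enabled_globally() {
    printf '%s' "$1" | forward_agent_hosts | grep -qxF '*'
}

# Stand-alone usage: audit the user's own config, then the sample.
if [ -r "$HOME/.ssh/config" ]; then
    echo "ForwardAgent enabled for:"
    forward_agent_hosts < "$HOME/.ssh/config"
fi
echo "Sample config enables ForwardAgent for:"
printf '%s' "$SAMPLE_CONFIG" | forward_agent_hosts
```

The `AddKeysToAgent confirm` line in the sample is the OpenSSH-side answer to the prompt dkg is asking for: it loads keys as if `ssh-add -c` had been used, so each signature request that reaches the local agent, including one relayed from a forwarded host, must be confirmed through the local askpass program before it is honoured.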
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users