On Mon 2015-02-16 02:50:15 -0500, Doug Barton wrote:
> On 2/15/15 11:41 PM, Daniel Kahn Gillmor wrote:
>> In situations where you want to make sure that you know (and approve of)
>> the use of the agent by the remote machine, you'd like a prompt to
>> appear within your (local, trusted) environment.
>
> agent forwarding is off by default, and has to be enabled either on the
> command line, or in a config file. Why is further user interaction on
> this point necessary/desirable?

Because saying "i want to forward my agent to remote system X so that i
can sign a couple of specific messages on that host" is different than
saying "i want to forward my agent to remote system X so that X can make
as many uses of my agent's secret key material as can be pushed down the
network pipe".

We're now explicitly enabling people to forward the agent
(e.g. --extra-socket in gpg-agent(1)); we should be providing
appropriate usage controls to accompany that functionality.

--dkg

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users