Daniel Kahn Gillmor <[email protected]> wrote: >On Tue 2016-11-22 11:20:26 -0500, Carola Grunwald wrote: >> They don't have direct access to any key. Nevertheless by using someone >> else's cached passphrase with 2.1 and its all-embracing keyring they may >> succeed in decoding data not meant for them. > >fwiw, the same concerns hold for a shared gpg-agent passphrase-cache >from pre-2.1 versions of gpg as well, right?
Of course. > >your model sounds like it needs to use a separate agent per user, >regardless of which version of the agent you're using. With GnuPG 1.4 I had no agent. And, in case it is, I've no idea why with 2.x such a passphrase cache with all its risks has to be mandatory. Kind regards Caro _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
