On Friday, 24 November 2017 15:05:27 UTC+8, Jean-Philippe Ouellet wrote:
> ...but surely not *all* of them able to perform any operation they
> want on any data they want using any key they want as soon as you
> authorize it once for any VM! (by default the agent authorizes any use
> of the keyring for 300 seconds(?) after first use)
>

Yes, 300 seconds is the default. And it's only authorised for a given VM. Trying to sign from another VM will present the popup again. As long as I don't accept the GPG warning popup unless I know it's OK, I don't see this as an issue. Also, every signing request during these 300 seconds will display a notification, which will quickly reveal if there are any strange things happening (and, again, I'd need to manually authorise the first access anyway).

> Was there some documentation you got this from? If so, please do point
> me to it so I can correct it ASAP.
>

When I initially did this for 3.2, I followed the official documentation on this, which gave me the configuration that is identical to what I managed to set up with 4.0 now: https://www.qubes-os.org/doc/split-gpg/

There are no mentions of limiting access to specific VMs, and the following statement seems pretty reasonable to me:

"With Qubes Split GPG this problem is drastically minimized, because each time the key is to be used the user is asked for consent (with a definable time out, 5 minutes by default), plus is always notified each time the key is used via a tray notification from the domain where GPG backend is running. This way it would be easy to spot unexpected requests to decrypt documents."

The attack scenario you describe just doesn't seem as serious to me as it does to you. This scenario would involve a rogue application calling qubes-gpg-client to attempt to sign some data, and somehow manage to trick me into accepting the request.

Regards,
Elias
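Added example, not from this thread or the Qubes project: a simplified evaluator for the dom0 qrexec policy file that decides which VMs may call the qubes.Gpg service at all, the per-VM access limit the message says the documentation does not mention. The policy path, the VM names and both sample policies are constructed assumptions, and only literal names plus the $anyvm wildcard are modelled.

```python
# Added example: a simplified evaluator for Qubes 4.0-style qrexec policy
# files such as /etc/qubes-rpc/policy/qubes.Gpg (the service Split GPG uses).
# It models only two rule features: literal VM names and the $anyvm wildcard,
# with first-match-wins semantics and deny when no rule matches. Real qrexec
# also supports $tag:, $type:, $dispvm and per-rule options (assumption:
# those are left out here).
from typing import List, Tuple

Rule = Tuple[str, str, str]  # (source, destination, action)


def parse_policy(text: str) -> List[Rule]:
    """Parse 'source destination action[,options]' lines; skip comments/blanks."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        src, dst, action = line.split()[:3]
        rules.append((src, dst, action.split(",", 1)[0]))
    return rules


def _matches(pattern: str, vm: str) -> bool:
    return pattern == "$anyvm" or pattern == vm


def decide(rules: List[Rule], source: str, destination: str) -> str:
    """Return allow/ask/deny for a request from source VM to destination VM."""
    for src, dst, action in rules:
        if _matches(src, source) and _matches(dst, destination):
            return action
    return "deny"  # a request covered by no rule is refused


# Constructed policies (not copied from any Qubes release).
PERMISSIVE = "$anyvm $anyvm ask\n"  # any VM may trigger the consent popup
RESTRICTED = """
# Only the mail qube may reach the GPG backend; every other VM is refused.
work-email work-gpg ask
$anyvm $anyvm deny
"""


def compare(source: str, destination: str = "work-gpg") -> Tuple[str, str]:
    """Decision under the permissive policy and under the restricted one."""
    return (decide(parse_policy(PERMISSIVE), source, destination),
            decide(parse_policy(RESTRICTED), source, destination))


if __name__ == "__main__":
    for vm in ("work-email", "untrusted"):
        print(vm, compare(vm))
```

Under the restricted policy a request from any VM other than work-email is refused before the backend's consent popup or 300-second window ever comes into play.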