On Saturday, 25 November 2017 09:03:42 UTC+8, Leo Gaspard wrote: > On 11/24/2017 08:27 AM, Elias Mårtenson wrote: > > The attack scenario you describe just doesn't seem as serious to me as > > it does to you. This > > scenario would involve a rogue application calling qubes-gpg-client to > > attempt to sign some > > data, and somehow manage to trick me into accepting the request. > > I believe the threat Jean-Philippe is describing is something like: > * You use an untrusted VM to perform some GPG operation > * However it was infected and something was waiting for you to accept this > * This something can now perform any GPG operation they want during > 300s using your secret keys
Yes. I don't think we're in disagreement about the thread model. Even in the case you're describing I would still know that something is singing things on my behalf as every signing operation will display a notification. That said, the 300s unlock time isn't particularly beneficial to me, and I will probably set it to something significantly lower, like 1 second or even 0. Regards, Elias -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/db84bdfd-48e8-44f9-9645-1bf0a8a5d761%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
