Shouldn't be terribly surprising to this crowd, but: https://efail.de/
Simply using split-pgp does *NOT* protect you against this, especially if you have agent authorization with a non-zero timeout. The immediate impact on Qubes developers is that one should use separate keys for email and code signing, have your secret keys in separate split-gpg backend domains, and not allow any VM with an email client to make requests to the VM holding your code-signing keys. In other words, have disjoint sets of development and communication domains. I'm glad I had the foresight to so this since the beginning. Yet another instance of features combining in unfortunate ways [1][2]. Yay complexity! :/ Regards, Jean-Philippe [1]: https://web.archive.org/web/20170714094731/http://www.tedunangst.com/flak/post/features-are-faults [2]: https://web.archive.org/web/20170611213655/https://www.tedunangst.com/flak/post/features-are-faults-redux -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/CABQWM_CiOQ1yggBVn9aUSO2YfkpMjOXp0yh5Fh%3DMf7h%3DS2LekA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
