On Saturday, 25 November 2017 09:03:42 UTC+8, Leo Gaspard wrote:
> On 11/24/2017 08:27 AM, Elias Mårtenson wrote:
> > The attack scenario you describe just doesn't seem as serious to me as
> > it does to you. This
> > scenario would involve a rogue application calling qubes-gpg-client to
> >
On 11/24/2017 08:27 AM, Elias Mårtenson wrote:
> The attack scenario you describe just doesn't seem as serious to me as
> it does to you. This
> scenario would involve a rogue application calling qubes-gpg-client to
> attempt to sign some
> data, and somehow manage to trick me into accepting the
On Fri, Nov 24, 2017 at 2:27 AM, Elias Mårtenson wrote:
> On Friday, 24 November 2017 15:05:27 UTC+8, Jean-Philippe Ouellet wrote:
>
>>
>> ...but surely not *all* of them able to do perform any operation they
>> want on any data they want using any key they want as soon as you
On Friday, 24 November 2017 15:05:27 UTC+8, Jean-Philippe Ouellet wrote:
> ...but surely not *all* of them able to do perform any operation they
> want on any data they want using any key they want as soon as you
> authorize it once for any VM! (by default the agent authorizes any use
> of
On Fri, Nov 24, 2017 at 1:50 AM, Elias Mårtenson wrote:
> On Friday, 24 November 2017 14:46:47 UTC+8, Elias Mårtenson wrote:
>>
>> On Friday, 24 November 2017 14:39:26 UTC+8, Jean-Philippe Ouellet wrote:
>>
>>>
>>> Use a specific source vm in the first field, not $anyvm,
On Friday, 24 November 2017 14:46:47 UTC+8, Elias Mårtenson wrote:
>
> On Friday, 24 November 2017 14:39:26 UTC+8, Jean-Philippe Ouellet wrote:
>
>
>> Use a specific source vm in the first field, not $anyvm, otherwise you
>> may actually be better off without split-gpg entirely depending on
>>
On Friday, 24 November 2017 14:39:26 UTC+8, Jean-Philippe Ouellet wrote:
> No! I would very strongly recommend against that!
>
> That allows any VM (including entirely untrusted ones, like sys-net,
> DispVMs with who knows what, etc.) to sign & decrypt stuff with your
> keys!
>
> Use a
On Fri, Nov 24, 2017 at 1:35 AM, Elias Mårtenson wrote:
> On Friday, 24 November 2017 12:10:06 UTC+8, Jean-Philippe Ouellet wrote:
>
>>
>> Explicitly allowing it in policy e.g.
>> some-vmsome-vm-keysallow
>> in /etc/qubes-rpc/policy/qubes.Gpg will stop asking for
On Friday, 24 November 2017 12:10:06 UTC+8, Jean-Philippe Ouellet wrote:
> Explicitly allowing it in policy e.g.
> some-vmsome-vm-keysallow
> in /etc/qubes-rpc/policy/qubes.Gpg will stop asking for confirmation each
> time.
Thank you.
Adding “$anyvm private-gpg allow” to the
On Thu, Nov 23, 2017 at 11:09 PM, Jean-Philippe Ouellet wrote:
> On Thu, Nov 23, 2017 at 10:47 PM, Elias Mårtenson wrote:
>> I'm using split-gpg, and I end up using it a lot since I sign my git commits
>> using it.
>>
>> Since upgrading to 4.0rc2, I have noticed
On Thu, Nov 23, 2017 at 10:47 PM, Elias Mårtenson wrote:
> I'm using split-gpg, and I end up using it a lot since I sign my git commits
> using it.
>
> Since upgrading to 4.0rc2, I have noticed that every time a VM wants to call
> out to the GPG VM,
> a dialog box is shown
11 matches
Mail list logo