Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Saturday, 25 November 2017 09:03:42 UTC+8, Leo Gaspard wrote: > On 11/24/2017 08:27 AM, Elias Mårtenson wrote: > > The attack scenario you describe just doesn't seem as serious to me as > > it does to you. This > > scenario would involve a rogue application calling qubes-gpg-client to > >

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On 11/24/2017 08:27 AM, Elias Mårtenson wrote: > The attack scenario you describe just doesn't seem as serious to me as > it does to you. This > scenario would involve a rogue application calling qubes-gpg-client to > attempt to sign some > data, and somehow manage to trick me into accepting the

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Fri, Nov 24, 2017 at 2:27 AM, Elias Mårtenson wrote: > On Friday, 24 November 2017 15:05:27 UTC+8, Jean-Philippe Ouellet wrote: > >> >> ...but surely not *all* of them able to do perform any operation they >> want on any data they want using any key they want as soon as you

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Friday, 24 November 2017 15:05:27 UTC+8, Jean-Philippe Ouellet wrote: > ...but surely not *all* of them able to do perform any operation they > want on any data they want using any key they want as soon as you > authorize it once for any VM! (by default the agent authorizes any use > of

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Fri, Nov 24, 2017 at 1:50 AM, Elias Mårtenson wrote: > On Friday, 24 November 2017 14:46:47 UTC+8, Elias Mårtenson wrote: >> >> On Friday, 24 November 2017 14:39:26 UTC+8, Jean-Philippe Ouellet wrote: >> >>> >>> Use a specific source vm in the first field, not $anyvm,

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Friday, 24 November 2017 14:46:47 UTC+8, Elias Mårtenson wrote: > > On Friday, 24 November 2017 14:39:26 UTC+8, Jean-Philippe Ouellet wrote: > > >> Use a specific source vm in the first field, not $anyvm, otherwise you >> may actually be better off without split-gpg entirely depending on >>

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Friday, 24 November 2017 14:39:26 UTC+8, Jean-Philippe Ouellet wrote: > No! I would very strongly recommend against that! > > That allows any VM (including entirely untrusted ones, like sys-net, > DispVMs with who knows what, etc.) to sign & decrypt stuff with your > keys! > > Use a

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Fri, Nov 24, 2017 at 1:35 AM, Elias Mårtenson wrote: > On Friday, 24 November 2017 12:10:06 UTC+8, Jean-Philippe Ouellet wrote: > >> >> Explicitly allowing it in policy e.g. >> some-vmsome-vm-keysallow >> in /etc/qubes-rpc/policy/qubes.Gpg will stop asking for

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Friday, 24 November 2017 12:10:06 UTC+8, Jean-Philippe Ouellet wrote: > Explicitly allowing it in policy e.g. > some-vmsome-vm-keysallow > in /etc/qubes-rpc/policy/qubes.Gpg will stop asking for confirmation each > time. Thank you. Adding “$anyvm private-gpg allow” to the

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Thu, Nov 23, 2017 at 11:09 PM, Jean-Philippe Ouellet wrote: > On Thu, Nov 23, 2017 at 10:47 PM, Elias Mårtenson wrote: >> I'm using split-gpg, and I end up using it a lot since I sign my git commits >> using it. >> >> Since upgrading to 4.0rc2, I have noticed

Re: [qubes-devel] split-gpg keeps asking for target VM when it shouldn't need to

On Thu, Nov 23, 2017 at 10:47 PM, Elias Mårtenson wrote: > I'm using split-gpg, and I end up using it a lot since I sign my git commits > using it. > > Since upgrading to 4.0rc2, I have noticed that every time a VM wants to call > out to the GPG VM, > a dialog box is shown