Re: Fix needed for communication with gpg-agent

[Chong Yidong]

Richard Stallman <address@hidden> writes:

> We need to solve this problem one way or another now, because we
> decided to fix a certain security hole by telling users to use
> gpg-agent.  We don't need the most elegant possible fix, but we
> need something reasonable to use.

Has anyone ever said that not using gpg-agent causes a security hole
(except for you)?

The strongest statement I've ever seen is that gpg-agent is highly
recommended, since it provides the most secure way of inputting
passphrases.  Basically, the worry is that someone could somehow
change the Elisp code in your Emacs session so that it records your
passphrase as you are entering it.  This is a non-zero but minuscule
risk.

In other words, if you want to be as secure as possible, use X.

Note that if someone is in a position to corrupt your Emacs session,
it is only a little more trouble to create and redirect you to a fake
version of gpg-agent that will intercept your passphrase anyway.  So
you are screwed even if you use gpg-agent in X.

As Ken Thompson once noted, all security risks are relative.