[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security flaw in pgg-gpg-process-region?

From: Sascha Wilde
Subject: Re: Security flaw in pgg-gpg-process-region?
Date: Sun, 12 Nov 2006 22:38:41 +0100
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.0.90 (gnu/linux)

Richard Stallman <address@hidden> wrote:

> What is the current state of gpg-agent?

gpg-agent is not yet part of the stable GnuPG distribution, but
despite that it's considered stable and ready for production use.

There are some general usability problems with gpg-agent in
conjunction with pinentry (a utility program used for passphrase input
when gpg-agent is used without the smartcard support) -- but these
issues only show up in certain complex situations and I wouldn't
consider them a show stopper.

My gpg-agent related code in pgg is part of CVS Emacs as well as the
current stable gnus release, and I'm not aware of any problems with
it.  (I remember Daiki was working on a technically more elegant
version, but don't know its current status.)

In conclusion I would say that using pgg with gpg-agent can be
recommended as best practice, but there are some obstacles which might
make it hard for the average user to follow this advise:
- GNU/Linux distributions might not have packages of gpg-agent
- I don't know about support for gpg-agent on non unixoid platforms
- users might encounter situations in which gpg-agent/pinentry won't
  work as expected

Sascha Wilde
Life's too short to read boring signatures

reply via email to

[Prev in Thread] Current Thread [Next in Thread]