[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch
From: |
Andrew Suffield |
Subject: |
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
Date: |
Mon, 8 Dec 2003 14:35:09 +0000 |
User-agent: |
Mutt/1.5.4i |
On Sun, Dec 07, 2003 at 12:17:20PM -0800, Tom Lord wrote:
> > From: Robert Collins <address@hidden>
>
> > On Mon, 2003-12-08 at 06:13, Tom Lord wrote:
>
> > > 3) Modify arch_pfs_connect to collect a passphrase
>
> > > It's a bit icky to keep the passphrase in tla's memory but I think
> > > it's more reasonable in this case than the alternatives.
>
> > > In libarch/pfs.c(arch_pfs_connect), after connecting, look for
> > > the "signed-archive" file. If present, prompt the user for=20
> > > a passphrase and record it.
>
> > Are you [sure] about this?
>
> No. But pretty sure.
>
> > GPG goes to some lengths to ensure
> > that in-memory passphrases aren't swapped out, so as to prevent
> > presence in cores etc. There are passphrase daemons around that
> > can provide passphrases automatically (see q-agent).
>
> Well, passphrase agents are certainly worth considering -- I don't
> know anything about them yet. I do think that they should be an
> option rather than a requirement.
>
> GPG goes to lengths, sure, but pretty much nothing else in the system
> actually cooperates with that. There they are in my xterm scrollback,
> for example.
If you *must* reimplement quintuple-agent in tla (talk about the
opposite of unix...), make it optional. Some of us have secure signing
mechanisms and would like to keep it that way. Probably most people
who already use gpg seriously, in fact.
--
.''`. ** Debian GNU/Linux ** | Andrew Suffield
: :' : http://www.debian.org/ |
`. `' |
`- -><- |
signature.asc
Description: Digital signature
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, (continued)
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Charles Duffy, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Lord, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Thomas Zander, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch,
Andrew Suffield <=
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/07
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Robert Collins, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/08
- Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Tom Mraz, 2003/12/08
Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch, Karel Gardas, 2003/12/07