[pkg-gnupg-maint] Bug#864788: cache TTL values ignored for smartcard PINs

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Jun 16 00:44:23 UTC 2017


On Thu 2017-06-15 21:40:28 +0200, Werner Koch wrote:
> The properties of a smartcard and an on-disk key are very different.  In
> fact a smartcard should be considered another gpg-agent to which
> gpg-agent delegates its operation.

I understand this idea from the implementation perspective, and because
I've been thinking about the GnuPG architecture a lot.

But if a user just wants to plug in a smartcard and "have it Just Work"
then they're going to be surprised to find that caching properties they
were used to before suddenly have disappeared.

Does it make sense to keep this architectural parallel clean, when it
makes the user's mental model more complex?  Or would it make sense to
try to map the simpler mental model to the underlying architecture, and
have gpg-agent forward its configuration to the smartcard via scdaemon?

Particularly when the user's configuration says "be more conservative
about caching" it seems unfriendly to ignore that directive when we know
that we could (since the scdaemon access is filtered through gpg-agent
itself).

     --dkgo