On Tue, Feb 03, 2004 at 07:02:36AM +1100, Ben Elliston wrote: > > If I understand the explanation of the patch, it sounds like it > > violates the point of having the pgp/gpg password expire which is > > that the mutt user must provide the password to limit the damage > > done if someone else gains access to the mutt session. Extending > > the cache time of the password allows more spoofed e-mails. > > While this might be true, the trade-off is that I can now set a much > lower timeout value. I used to have a timeout value of 15 minutes > because I got tired of entering my passsphrase so often. Now my > timeout is set to 60 seconds. By my reckoning, this substantially > reduces the likelihood of someone gaining access to my mutt session. Perhaps there should be a pgp option that turns this behavior on or off which is independent of pgp_timeout. -- Will Fiveash (signing my e-mail with GnuPG so you'll know this came from me and not a virus. My key ID is 7D31DC39. Key server: www.keyserver.net)
Attachment:
pgp59ZaADL8IZ.pgp
Description: PGP signature