<<< Date Index >>>     <<< Thread Index >>>

Re: PGP timeout patch



On Tue, Feb 03, 2004 at 07:02:36AM +1100, Ben Elliston wrote:
> > If I understand the explanation of the patch, it sounds like it
> > violates the point of having the pgp/gpg password expire which is
> > that the mutt user must provide the password to limit the damage
> > done if someone else gains access to the mutt session.  Extending
> > the cache time of the password allows more spoofed e-mails.
> 
> While this might be true, the trade-off is that I can now set a much
> lower timeout value.  I used to have a timeout value of 15 minutes
> because I got tired of entering my passsphrase so often.  Now my
> timeout is set to 60 seconds.  By my reckoning, this substantially
> reduces the likelihood of someone gaining access to my mutt session.

Perhaps there should be a pgp option that turns this behavior on or off
which is independent of pgp_timeout.

-- 
Will Fiveash
(signing my e-mail with GnuPG so you'll know this came from me and not
 a virus. My key ID is 7D31DC39. Key server: www.keyserver.net)

Attachment: pgp59ZaADL8IZ.pgp
Description: PGP signature