search

QubesOS / qubes-issues

The Qubes OS Project issue tracker
https://www.qubes-os.org/doc/issue-tracking/
541 stars 48 forks source link

Disable Split GPG while screen locker is active #2443

Open andrewdavidwong opened 7 years ago

andrewdavidwong commented 7 years ago

On 2016-11-18 09:39, Michael Carbone wrote:

Marek Marczykowski-Górecki:

On Fri, Nov 18, 2016 at 02:49:00PM +0000, Michael Carbone wrote:

From a security perspective without timestamps in the access logs (https://github.com/QubesOS/qubes-issues/issues/1835) a malicious pre-approved email client could just decrypt emails in mass when the user is AFK to avoid notifying the user, so I see little security benefit.

That's true indeed. I wonder if blocking split-gpg while screenlocker is engaged would make sense? Currently similar purpose have confirmation with a 5min timeout.

I think that's an excellent idea.

o- commented 7 years ago

Hi, I just stumbled upon this issue. I think it is certainly a good idea. I just wanted to note, that there are usecases for using split-gpg in the background (for example indexing a large mailbox with notmuch). If possible it should be made configurable somehow.