<p dir="ltr">Perhaps you could insert a choice during the installation process? OpenPGP, S/MIME or both.</p>
<p dir="ltr">I would guess that most people never use S/MIME and that having unnecessary services running in the background will be of no use to them. I have plenty of RAM and CPU on my computers so the only problem I have maybe once or twice a year is that DirMngr crashes, but I can live with that as GPG4Win is free. But as there are plenty of services running in the background both on Windows and Linux slowing hundreds of millions of computers down daily, why not give the users a choice if they want to enable S/MIME related services or not?</p>
<p dir="ltr">My guess is that S/MIME mostly is in use inside larger companies and organisations because it facilitates the work for IT admins? For normal users OpenPGP would probably be the first choice right?</p>
<p dir="ltr">/David</p>
<p dir="ltr">PS. Chris, I don't think we as a security focused community should discuss software based on conspiracy theories. If we have proof that something leaks to NSA, then we should say it openly to the whole world. But let's not insinuate things about security software just because we don't know what it does. The Swedish and German programmers that have created DirMngr have probably no interest in providing information to NSA and such. Using GPG is most likely far more secure than not using it.</p>
<div class="gmail_quote">On 4 Sep 2014 11:17, "Andre Heinecke" &lt;<a href="mailto:aheinecke@intevation.de">aheinecke@intevation.de</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
On Thursday, September 04, 2014 12:30:42 AM Chris Marlow wrote:<br>
> Hi,<br>
><br>
> The current stable version, gpg4win-2.2.1, exhibits a rather unsettling<br>
> behavior when installed on a Microsoft Windows OS.<br>
<br>
Every installation of gnupg2 does this, not Windows specific. Under Linux<br>
dirmngr also runs as a service with its own user account. Dirmngr is necessary<br>
to handle certificate revocation lists of S/MIME certificates and handles the<br>
trust in the root certificates.<br>
<br>
> After installation even when gpg4win is not launched, dirmngr.exe is running<br>
> in the background, consuming some system resources.<br>
<br>
Yes it is launched as a system service. You can disable this like any other<br>
service in system settings / management / services. If you do not use S/MIME<br>
or disable CRL checks this might not affect functionality.<br>
<br>
> It might even be sending data back to servers controlled by the NSA, GCHQ,<br>
> KGB or German BND.<br>
<br>
Dirmngr will of course not send anything unrelated, but it will request CRL's<br>
from your trusted root CA's. This is traffic that can be monitored.<br>
<br>
> Could the developers prevent dirmngr.exe from ever running in the background<br>
> when gpg4win is not launched by the user?<br>
<br>
Afaik dirmngr is launched as a service and not on demand as it controls the<br>
certificate trust decisions regarding S/MIME, a job traditionally controlled by<br>
the System Administrator and not the user.<br>
<br>
I also think that it probably is run in the background so that it can fetch<br>
CRL's in the background so that you don't have to wait until a 5mb CRL is<br>
fetched when you want to sign a mail. But I'm not sure about this as I have<br>
faced some delays while waiting for CRL checks.<br>
<br>
<br>
Best regards,<br>
Andre<br>
<br>
--<br>
Andre Heinecke | ++49-541-335083-262 | <a href="http://www.intevation.de/" target="_blank">http://www.intevation.de/</a><br>
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998<br>
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner<br>_______________________________________________<br>
Gpg4win-users-en mailing list<br>
<a href="mailto:Gpg4win-users-en@wald.intevation.org">Gpg4win-users-en@wald.intevation.org</a><br>
<a href="https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en" target="_blank">https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/gpg4win-users-en</a><br></blockquote></div>
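<p dir="ltr">An added example, not part of the original messages and not Gpg4win's own code: a PowerShell check of the dirmngr service the thread discusses, showing its start mode, service account and current TCP connections, with an optional step to disable it on hosts that do not use S/MIME. The service is matched by executable path because its registered name is not given in the thread; <code>$DisableService</code> is a hypothetical switch introduced for this example.</p>

```powershell
# Added example: inspect (and optionally disable) the dirmngr Windows service.
# Assumption: the service's image path contains "dirmngr"; its registered
# service name is not stated in the thread, so we do not hard-code one.
$services = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like '*dirmngr*' })

if ($services.Count -eq 0) {
    Write-Output 'No service with "dirmngr" in its image path was found.'
}
else {
    foreach ($s in $services) {
        # How the service starts, which account it runs as, and which binary it runs.
        $s | Select-Object Name, State, StartMode, StartName, PathName |
            Format-List | Out-Host

        if ($s.ProcessId -gt 0) {
            # TCP connections currently owned by the service process.
            # CRL downloads from CA servers appear here while they are in progress.
            $conns = @(Get-NetTCPConnection -OwningProcess $s.ProcessId -ErrorAction SilentlyContinue)
            if ($conns.Count -gt 0) {
                $conns | Select-Object LocalAddress, LocalPort, RemoteAddress, RemotePort, State |
                    Format-Table -AutoSize | Out-Host
            }
            else {
                Write-Output "No TCP connections open for PID $($s.ProcessId) right now."
            }
        }
    }

    # Hypothetical switch for this example. Set to $true only on hosts that do
    # not use S/MIME; without dirmngr, CRL checks for S/MIME certificates
    # cannot be performed. Requires an elevated shell.
    $DisableService = $false
    if ($DisableService) {
        foreach ($s in $services) {
            Stop-Service -Name $s.Name -Force
            Set-Service -Name $s.Name -StartupType Disabled
        }
    }
}
```

<p dir="ltr">The connection listing is a point-in-time snapshot; to see CRL fetches that happen between runs, log outbound connections for the process at the host firewall instead.</p>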