[Gpg4win-users-en] trust path to Gpg4win installer and suggestions

Bernhard Reiter bernhard at intevation.de
Mon Nov 25 11:08:09 CET 2013


Hi Bry8,

On Thursday 21 November 2013 at 11:26:05, Bry8 Star wrote:
> THANKS.
> your email was also gpg signed :)

you are welcome!

> pls if you kindly also see few info i posted below, in between
> yours, if you have time/chance, thanks in advance.

Thanks for the write up, to be frank, this is too much for me to grok
and because without some research I cannot evaluate it, if it at
all increases some security and where. Again: the code signed executable
may already be above the security level that most people can reach
with their operating system. And security is always about the weakest link.

More improvements come down to the "we need more resources" question.

> > Securing DNS better is an idea, we will think about.
> > (It competes with a lot of other ideas how to improve the Gpg4win
> > security and user experience. And we are in search of funding.)

> mentioned are all free solutions . and gpg4win definitely needs more
> funding . then pls enable in future : HKPS feature in gpg4win ,

I believe that there already is a report for this wish already.
It is about how to build with the right options and libraries.

> a  way/option to disable gpg-agent (if not needed for a particular
> implementation) , 

Gpg-agent is always needed when accessing "private" key parts.
Some installations may only access public certificates without Gpg-agent.

> enable dane/TLSA checking during HKPS connection 
> (and adding some indicative meta-tag, by the way, GnuTLS already
> supports DANE+DNSSEC) , 

GnuTLS certainly is a good choice for SSL handling,
but of course the operating systems library as other advantages as well.

> portable gpg4win (as GPG related email is 
> accessed more from multiple location from USB portable drive,
> current gpg4win seems to be fixed with fix location, when in
> portable mode, it need stay within owner's usb drive), etc.

There is portable support in Gpg4win since 2.2.0.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard (CEO)    www.fsfe.org (Founding GA Member)
Intevation GmbH, Osnabrück, Germany; Amtsgericht Osnabrück, HRB 18998
Owned and run by Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20131125/74828825/attachment.sig>


More information about the Gpg4win-users-en mailing list