On Tue 2025-10-28 06:43:16 -0300, David Bremner wrote: > The usual problem is CRL revokation checks. You can disable these in > ~/.gnupgu/gpgsm.conf with > > disable-crl-checks
David means ~/.gnupg/gpgsm.conf of course! > There is obviously a security tradeoff, but I guess it's better than > disabling gpgsm completely fwiw, *doing* crl checks is effectively a privacy problem (e.g., it's easy to build a a "phone home" mechanism out of a CRL if you control the certificate issuer), as well as the efficiency problem that Xiyue Deng is experiencing. And it's not clear that CRL checks are a particularly strong security measure (e.g., a powerful attacker could simply block network traffic to the CRL server). On balance, i recommend setting disable-crl-checks by default. --dkg
signature.asc
Description: PGP signature
_______________________________________________ notmuch mailing list -- [email protected] To unsubscribe send an email to [email protected]
