[OTR-users] Pretty-please standardize OTR signature storage, per OS.
Tamme Schichler
tammeschichler at googlemail.com
Tue Sep 10 18:50:30 EDT 2013
Am 10.09.2013 23:41, schrieb subharo at hushmail.com:
> Hopefully a simple solution exists, which still makes your idea
> attractive (over my original proposition, which just used plain old
> filesystem operations, simply relying on filesystem permissions as
> a convenient security mechanism).
As I mentioned before, we could use domain sockets on Unix, like
gpg-agent does. They are bound to nodes in the file system instead of
the network and therefore obey file system permissions. If we bind to a
location in the home directory (or a more protected one, I don't know
Unix directory structure) that should offer the same protections.
More information about the OTR-users
mailing list