Re: cleaning up keyrings

["Havoc Pennington" <hp redhat com>]

Hi,

On 8/28/07, David Zeuthen <david fubar dk> wrote:
> One important thing about the gnome-keyring prompts is that they display
> information the user should be able to trust / understand. Things like
> that App X is trying to use the key stored by App Y. [1]

Yeah. I'm not sure these dialogs make sense, but for now I'm ignoring
them and just worrying about how all apps can share the same login
knowledge (you'd still have to allow/deny each app).

For why I don't think they make sense, it's pretty much the same issue as
https://www.redhat.com/archives/fedora-desktop-list/2007-August/msg00309.html
Either you have a secure setup or you don't, dialogs are just a really
annoying-to-the-user way of writing "if (TRUE)" and don't affect the
security materially.

A better approach, for example, would be to have selinux or signatures
or something such that apps that come with the OS are automatically
trusted and the dialog or other obscure procedure only arises for
third-party apps. Then people don't get as used to just clicking "yes"
all the time and _might_ slow down for the dialog when it really
matters.

But, it's a somewhat separate topic from what I was wanting to mess
with right away.

> [1] : In fact I'm skeptical that most users will do more than just click
> through these prompts... if we didn't care about protecting secrets on a
> per-application basis we would be just as well off with encrypted
> homedir and just store secrets in plaintext. And then we wouldn't need a
> keyring API at all.

I think the keyring API is most useful for sharing the login info
between apps, and potentially storing the login info on a server (or a
USB key, or whatever)

Havoc