Opened 2 years ago

Last modified 9 months ago

#17533 new enhancement

do not use keyserver-options in Whonix

Reported by: proper Owned by: sukhbir
Priority: Medium Milestone:
Component: Applications/TorBirdy Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

If Whonix is detected, could you prevent adding --keyserver-options http-proxy=http://127.0.0.1:8118 please?

Since enigmail just calls gpg. And since everything is torified in Whonix anyway, and since gpg is stream isolated (by uwt wrapper) anyhow, there is no need for this setting in Whonix.

As a result, using enigmail's keyserver features would work out of the box in Whonix.

Child Tickets

Change History (5)

comment:1 Changed 2 years ago by elypter

whonix was build to not be easily detectable. besides that a failure in the detection function could open an attack vector. making a slightly different version of torbirdy for whonix would be a better option.

comment:2 in reply to:  1 Changed 2 years ago by proper

Replying to elypter:

whonix was build to not be easily detectable.

From within Whonix, it is very easy to detect Whonix. TorBirdy is already doing this.

Patrick Schleizer
Whonix developer

comment:3 Changed 2 years ago by cypherpunks

Could Torbirdy simply provide an opt-out option to remove the --keyserver part?
That would also solve #14025

comment:4 in reply to:  3 Changed 2 years ago by proper

Replying to cypherpunks:

Could Torbirdy simply provide an opt-out option to remove the --keyserver part?

We still would want that opt-out option to be enabled as soon as Whonix is detected.

That would also solve #14025

Also for #14025 it would be desirable for that opt-out option to be enabled as soon as a SplitGPG setup is detected.

comment:5 Changed 9 months ago by sukhbir

Have the requirements for this changed since the ticket was opened? (Sorry, been a long a time). I am wondering if the changes in #19971 are relevant to Whonix in any way?

Note: See TracTickets for help on using tickets.