adding TOFU/POP to GnuPG

Hans-Christoph Steiner hans at
Fri Mar 14 16:10:09 CET 2014

One simple idea has proven quite useful in improving security in other
protocols, but remains unimplemented in OpenPGP/GnuPG (as far as I know):
Trust On First Use/Persistence of Pseudonym (TOFU/POP).  TOFU/POP is how the
vast majority of people validate ssh host keys.  The idea is to mark a key
with some degree of trust on the first use (in ssh, it's full trust).  Then
that creates a pseudonym for the service in question (i.e. the ssh server you
ssh'ed to) which is persisted forever.

I think that this idea would also be quite useful with OpenPGP.  I can see it
two ways:

* full SSH style TOFU/POP keyring: the process of adding a key to your local
keyring marks it as trusted.  Signatures also mark keys as trusted.

* or a more GnuPG style: adding a key to the local keyring adds some trust,
but not as much as a signature.

While this does not provide as strong a verification as an OpenPGP signature
on a key, it is also much more likely to actually happen, and does provide a
benefit.  It also does not prevent users from doing stricter verification at
any time.

Comments, flames, examples?


PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
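The two variants sketched in the post, as an added example that is not the poster's code and not part of GnuPG: a small TOFU/POP store that binds a pseudonym (the e-mail address from a key's user ID) to the first fingerprint seen for it, refuses to silently adopt a different key later, and lets a stricter out-of-band verification raise the trust level. The `ssh_style` switch, the `marginal`/`full` trust names and the JSON persistence format are assumptions chosen for illustration; GnuPG's own TOFU implementation, which postdates this post, is not modelled here.

```python
"""Trust On First Use / Persistence of Pseudonym (TOFU/POP) for OpenPGP keys.

Constructed example, not GnuPG code.  A pseudonym is the e-mail address from
a key's user ID; the store remembers the fingerprint seen the first time that
pseudonym was used and flags later uses that present a different key, the
way ssh's known_hosts does for host keys.
"""
import json
from dataclasses import dataclass, asdict

FIRST_USE = "first-use"   # pseudonym was unknown; binding persisted now
MATCH = "match"           # same key as the persisted binding
CONFLICT = "conflict"     # different key for a known pseudonym: do not trust

TRUST_NONE, TRUST_MARGINAL, TRUST_FULL = "none", "marginal", "full"


def normalize_fpr(fpr: str) -> str:
    """Canonical 40-hex-digit form; rejects junk so a typo cannot create a binding."""
    fpr = "".join(fpr.split()).upper()
    if len(fpr) != 40 or any(c not in "0123456789ABCDEF" for c in fpr):
        raise ValueError("not an OpenPGP v4 fingerprint: %r" % fpr)
    return fpr


@dataclass
class Binding:
    fingerprint: str
    verified: bool = False   # True once the user did a stricter check (signature, in person)
    uses: int = 0


class TofuStore:
    def __init__(self, ssh_style: bool = False):
        # ssh_style=True: first use alone yields full trust (the post's first variant).
        # ssh_style=False: first use yields marginal trust; verification upgrades it to full
        # (the post's "more GnuPG style" variant).  Both names are this example's own.
        self.ssh_style = ssh_style
        self.bindings = {}   # pseudonym -> Binding

    def observe(self, pseudonym: str, fingerprint: str) -> str:
        """Check a (pseudonym, key) pair against the persisted binding and record the use."""
        fpr = normalize_fpr(fingerprint)
        b = self.bindings.get(pseudonym)
        if b is None:
            self.bindings[pseudonym] = Binding(fpr, uses=1)
            return FIRST_USE
        if b.fingerprint != fpr:
            # Persistence of pseudonym: keep the old binding, never adopt the new key here.
            return CONFLICT
        b.uses += 1
        return MATCH

    def mark_verified(self, pseudonym: str, fingerprint: str) -> None:
        """Record a stricter check (e.g. fingerprint compared out of band); must match the binding."""
        fpr = normalize_fpr(fingerprint)
        b = self.bindings.get(pseudonym)
        if b is None or b.fingerprint != fpr:
            raise ValueError("cannot verify a key that is not the persisted one for %s" % pseudonym)
        b.verified = True

    def trust(self, pseudonym: str, fingerprint: str) -> str:
        """Trust level the store assigns to this pair, without recording a use."""
        fpr = normalize_fpr(fingerprint)
        b = self.bindings.get(pseudonym)
        if b is None or b.fingerprint != fpr:
            return TRUST_NONE
        if b.verified or self.ssh_style:
            return TRUST_FULL
        return TRUST_MARGINAL

    def dump(self) -> str:
        """Serialize bindings (assumed JSON layout) so they persist across runs."""
        return json.dumps({p: asdict(b) for p, b in self.bindings.items()}, sort_keys=True)

    @classmethod
    def load(cls, data: str, ssh_style: bool = False) -> "TofuStore":
        store = cls(ssh_style)
        store.bindings = {p: Binding(**b) for p, b in json.loads(data).items()}
        return store


if __name__ == "__main__":
    # Constructed fingerprints, not real keys.
    alice_key = " ".join(["ABCD"] * 10)
    other_key = "0123456789" * 4
    store = TofuStore()
    print(store.observe("alice@example.org", alice_key))   # first-use
    print(store.trust("alice@example.org", alice_key))     # marginal
    print(store.observe("alice@example.org", other_key))   # conflict
    store.mark_verified("alice@example.org", alice_key)
    print(store.trust("alice@example.org", alice_key))     # full
    reloaded = TofuStore.load(store.dump())
    print(reloaded.observe("alice@example.org", alice_key))  # match
```

The security-relevant behaviour is in `observe`: a conflict is reported but the stored binding is left untouched, so an attacker who gets a second key with the same e-mail address into the keyring cannot displace the first one; replacing a binding has to be a deliberate user action outside this store. The `ssh_style` flag is the only difference between the post's two variants in this model.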
