adding TOFU/POP to GnuPG

Werner Koch wk at gnupg.org
Fri Mar 14 18:25:13 CET 2014 

On Fri, 14 Mar 2014 16:10, hans at guardianproject.info said:

> * full SSH style TOFU/POP keyring: the process of adding a key to your local
> keyring marks it as trusted.  signatures also mark keys as trusted

You can't compare ssh's key management to GnuPG's.  Indeed ssh works the
way you describe it but ssh also uses the only the bare key without any
metadata.

In our Steed paper [1] we looked in how to implement a TOFC (aka TOFU)
system into OpenPGP and S/MIME.  In Steed we do not want to talk about
key ids or fingerprints but use only the mail address to identify the
key.  To evaluate whether a MitM has been mounted we will need to keep a
list of recent contacts.  That requires closer interaction with the MUAs
and can't be done by gpg alone.  However, to make things easier GnuPG
should keep that list of contacts.

> * or a more GnuPG style: adding a key to the local keyring adds some trust,
> but not as much as a signature.

Not a good idea because the keyring has always been used as white pages
or as a cache for the keyservers.  Redefining it to gpg's known_hosts is
not a good idea at all.

Further the notion of different trust levels is hard to define and to
explain.  For that reason we basically use only 3 levels:

  - Bad
  - Might be good but needs manual inspection due to expiration,
    revocation, no computed trust.
  - Good

GPGME uses flags named red, yellow, and green for tehse levels and some
MUAs put a such colored frame around the message.  

With Steed a mail would be rendered yellow on the very first (few)
contact(s) and latter either green or red.  In case a key has been
superseded due to a lost passphrase, the mail would be rendered red but
a list of previous contacts will be displayed to help the user to
evaluate what might have happened.  Unfortunately certain circumstances
delayed the development of a prototype but there is still a lot of
interest in such a system.

>does provide a benefit.  It also does not prevent users from doing
>stricter verification at any time.

Users won't do that.


Salam-Shalom,

   Werner


[1] http://g10code.com/steed.html

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list