adding TOFU/POP to GnuPG

Daniel Kahn Gillmor dkg at
Fri Mar 14 22:10:56 CET 2014

On 03/14/2014 04:28 PM, Hans-Christoph Steiner wrote:
> Sure, it doesn't need to be OpenPGP.  But GnuPG seemed like a natural place to
> try this out since all of the pieces are there, and its widely deployed and
> tested.

if you don't care about interoperability with the existing OpenPGP
userbase, i think using OpenPGP gets you stuck in a maze of
compatibility and complexity concerns.

> I also worry that complicated systems can also be gamed more easily without
> people noticing.

This is definitely true.

> I think a nice, simple idea to explore here is "secure introductions".
> Basically, if you send multiple people an encrypted email, you include a
> signature marking the key+email combos as trusted.  Then if the recipients
> trust your key+email, their program will automatically import any new
> key+email combos (i.e. download and mark them as trusted).  The whole public
> key could be contained in the secure introduction.

again, I think you're conflating belief in key+userid validity with
trust here, and that conflation is likely to violate people's
assumptions and preferences.

humans are actually pretty good at understanding the difference between
"do you know who this person is?"  and "is this person someone you can
rely on?"  -- the difference is significant.

how many hops into such a chain should these "secure introductions"
propagate automatically?

The other angle that needs consideration for a TOFU/POP workflow is what
sort of experience people should have when things fail.  This is the
achilles heel of TOFU/POP, and despite it coming up rarely in
experience, it actually matters tremendously to the security of the
entire scheme.

What do you think a user should see when a new key appears for one of
their contacts, for whom they already have a key?  is there a way that
the user can distinguish between legitimate key rollover and an
impersonation attack?  What signals do they have to detect and deal with
the situation that are better than "click OK to get on with your work?"


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140314/2de84f37/attachment.sig>

More information about the Gnupg-devel mailing list