TOFU - motivation

Werner Koch wk at
Sat Apr 4 12:06:13 CEST 2015

On Tue, 31 Mar 2015 20:26, neal at said:

> GnuPG.  In this note, I want to lay the ground work.  This is probably
> uncontroversial, but I think it is important to state it explicitly.

It seems some folks don't like that concepts but after all it is what
Marcus and me suggested in our STEED proposal.

I am not sure who mentioned that years ago on the cryptography list: We
hackers want all the users to understand and use complicated things like
the WoT or Bridge-CAs but for our own day to day work we rely on a
single simple and easy to explain method: ssh's known_hosts.  Which is
what we now call TOFU.

> case, an email address) and a key.  The idea is the following.  The
> first time that we observe a message from a particular email address,
> we record the email and the key.  After that, each time we receive a

I think it is important to also offer other ways of seeding this
relationship.  For example: Taken from a visiting card, received by
mail, retrieved via DNS(SEC) and so on.  Such an origin data field can
can then be used to bump up or down the initial trust one can have in
this key/mail relationship.

> Implementing the logic in GnuPG has a small trade-off: it's not quite
> the right level of abstraction.  That is, it is probably easier to
> implement TOFU in an MUA.  For instance, if there is a mismatch, the

Right.  This has already been discussed more than 10 years ago when we
rewrote Kmail and Mutt where I proposed to also extend the address books
to keep track of fingerprints and communication history.  However, the
budget for these projects and their milestone plan did not have enough
room to implement this.  To my disappointment no volunteer stepped into
it and added this to the addressbook.  Thus I think it is the right
approach to help implementers by offering a GnuPG feature to store and
use this information.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-devel mailing list