TOFU - motivation

Nicholas Cole nicholas.cole at
Sat Apr 4 18:26:09 CEST 2015

On Saturday, 4 April 2015, Werner Koch <wk at> wrote:

> On Tue, 31 Mar 2015 22:15, rjh at <javascript:;> said:
> > The Web of Trust handles this by allowing people to decide their own
> > trusted introducers.  But for system-wide TOFU, *every* application with
> > write access to the DB is a trusted introducer.
> I think there is a misunderstanding.  There won't be a system-wide TOFU.
> The database storing the TOFU data will be local to the gnupg home
> directory in the very same way as the ownertrust (trustdb.gpg) is.

Why add the complexity of a second database? Why not use a local signature
(perhaps with a special flag).  Seems much simpler to me and would work
with existing tools.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150404/e89c2208/attachment-0001.html>

More information about the Gnupg-devel mailing list