TOFU - motivation

Nicholas Cole nicholas.cole at
Mon Apr 6 00:15:21 CEST 2015

On Sun, Apr 5, 2015 at 6:30 PM, Werner Koch <wk at> wrote:
> On Sat,  4 Apr 2015 18:26, nicholas.cole at said:
>> Why add the complexity of a second database? Why not use a local signature
>> (perhaps with a special flag).  Seems much simpler to me and would work
>> with existing tools.
> Because you would need to sign your key each time you verify a mail from
> someone.  Sure, it could be put into an unhashed signature subpacket but
> maintaining this is pretty complex.  For example you need to copy the
> data over to the latest valid self-signature and be prepared for
> conflicts after importing updates of the key.  A separate and random
> access DB is much easier to work with when it comes to local data.

Oh, no point at all putting it in to an unhashed packet.

I just thought that if gpg-agent were storing the passphrase, then
making a local signature would not actually be a hassle. Give it a
notation or similar to make it clear what is going on, but otherwise
it would be completely transparent to other tools.  You could upgrade
the signature if needed, or revoke it, etc.

More information about the Gnupg-devel mailing list