TOFU - motivation
nicholas.cole at gmail.com
Mon Apr 6 12:48:24 CEST 2015
On Monday, 6 April 2015, Werner Koch <wk at gnupg.org> wrote:
> > I just thought that if gpg-agent were storing the passphrase, then
> > making a local signature would not actually be a hassle. Give it a
> For me and some other this won't work because we keep our primary key
People who know enough to do that and are cautious enough to do that
probably shouldn't be using TOFU. ;-)
But you could always have a less secure online key for TOFU.
Seriously though, the reason I think my idea might be worth implementing is
that it provides a pathway to teach users to be more secure, rather than
being a completely separate system.
"this signature was made automatically when you first used the key. For
better security you should check the fingerprint and upgrade the
signature." Or similar.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-devel