the TOFU lie - or why I want my meat...
Neal H. Walfield
neal at walfield.org
Fri Apr 10 10:06:44 CEST 2015
Hi Bernd,
At Thu, 9 Apr 2015 22:04:46 +0200,
lists-gnupgdev at lina.inka.de wrote:
> Am Thu, 09 Apr 2015 17:16:24 +0200
> schrieb "Neal H. Walfield" <neal at walfield.org>:
>
> > I think it is fair to summarize your post as follows: TOFU is
> > significantly weaker than the Web of Trust and adoption of TOFU will
> > weaken the WoT. Although you provide a number of arguments that
> > support your claim that TOFU is weak,
>
> I think "significantly weaker" does not apply as the two concepts are
> not either-or: you can check the keys in critical situations (and in
> those I would only rely on first hand verified keys anyway). Having TOFU
> in that scenario by default only increases automated checks for mostof
> the time where you do not care about a trust path anyway, and therefore
> strengthen the overall PGP communication "quality".
>
> And of course a WoT is not weakend if you do TOFU in addition - as long
> as you do not use TOFU informations for signing
>
> And even then, there
> are enough WoT participants today which already do weak checking:
I agree that it is reasonable to use both the WoT and TOFU to better
identify inconsistencies (i.e., keys changing). I think Christoph
argued that using TOFU will undermine the WoT, because people will
think TOFU is enough and as such not support the WoT as much. This is
a worse-is-better argument: the existence of an easy half-solution
means fewer people will embrace the more difficult full solution. I
often agree with this argument, but in this case, I don't think it
applies: the WoT is not better (i.e., more secure) than TOFU.
Neal
More information about the Gnupg-devel
mailing list