TOFU Design
Robert J. Hansen
rjh at sixdemonbag.org
Fri Jul 17 16:11:18 CEST 2015
> I'd like to informally present the high-level design that I'm
> working on for TOFU in GnuPG and some open questions. I'm interested
> in feedback. But if all you have to say is that you think TOFU is a
> bad idea, please restrain yourself.

I didn't see any discussion about the use case where there are multiple
certificates associated with an email address. There are many people
who have such arrangements for a variety of reasons: for instance, up
until very recently I had an RSA certificate for signing Fedora RPMs, a
DSA2 certificate I used for most email, an RSA certificate I used for
testing Enigmail's smartcard support, and an ECDSA certificate I used to
test Enigmail's ECC support.

There needs to be some consideration for the case of multiple
certificates for a given email address. It's just too commonplace to
ignore.

> Should TOFU bindings be exportable?

Definitely not in 1.0. Get a basic system bootstrapped and running, and
then revisit this issue.