TOFU code available

Andre Heinecke aheinecke at
Tue Oct 20 19:46:23 CEST 2015


On Sunday 18 October 2015 19:03:22 Neal H. Walfield wrote:
> I've now pushed the TOFU code to master.  It will be part of the next
> release.  It would be great to get some feedback on it. 

I've tried this out today. My observations in this mail are based on rev. 

Using trust model "tofu+pgp":

- Binding problems occured with my own keys (having multiple UId's on different 
keys). I find it strange that I am asked if one of my own keys is "Good". I 
would suggest that you can just assume an answer of "Good" in case the key is 
signed by a key with ultimate trust or is itself ultimately trusted.

- When running multiple keylists in parallel (Happens when Kleopatra is 
running) after activating tofu-pgp trust model and running the first keylisting 
leads to some errors. (We've talked about this on jabber already)

- The performance of the initial tofu db build is quite bad.
One of your changes today roughly doubled the time I currently need to build 
the inititial tofu db. After removing the tofu.d the first keylisting now takes 
about 45 seconds.
I think this needs some profiling and optimization as that's with a homedir on 
a SSD with an i7 2600k CPU and a keyring with "just" 615 keys.

- In KMail / with Kleopatra  messages signed with previously unknown keys are 
shown as a good (green) signature with the details:
The signature is valid and the key is marginally trusted.

(Btw. I think that trust is the wrong word here but that's unrelated as this 
is KMail internal ;-) )

While this appears basically Ok to me. This is probably too little 
information. But I think it could work (without changes to KMail or Kleopatra 
neccessary) if we would implement gpgme getauditlog for OpenPGP and fill it 
with the tofu statistics shown on the command line.
More detailed verify information for OpenPGP as part of the Auditlog is 
something we already have our TODO list for the Gpg4all project. So we could 
probably add tofu details as part of that work?

KMail / Kleo both already query gpgme for an auditlog for every verification 
and should make it available when it is available.

I've not yet tested what happens in case of conflicts where the command line 
would ask questions. Maybe bring up a pinentry prompt for that?


While I'm pointing out the negative things I noticed in general I'm very happy 
that Tofu is moving forward. :)
Andre Heinecke |  ++49-541-335083-262  |
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20151020/7b8aa108/attachment.sig>

More information about the Gnupg-devel mailing list