TOFU code available

Andre Heinecke aheinecke at
Wed Oct 21 13:29:20 CEST 2015


On Tuesday 20 October 2015 22:36:57 Werner Koch wrote:
> On Tue, 20 Oct 2015 19:46, aheinecke at said:
> > I've not yet tested what happens in case of conflicts where the command
> > line would ask questions. Maybe bring up a pinentry prompt for that?
> Nope.  We should not overload the Pinentry with functions it is not
> designed for.

I think it makes sense though. We already have pinentry asking for Root 
Certificate trust in S/MIME and imo the TOFU questions fall in the same 
category. It's just a dialog with a question and some options. 

Some advantages I see:

- User visible strings would all be in GnuPG itself. (And thus unified and 
centrally l10n'ed) And the same as in the CLI.
- It would be controlled by GnuPG. If there are changes they are always in 
line with the GnuPG version. 
- No need for a complex protocol to handle these interactions through gpgme.

And there would be no need to adapt existing MUAs :-)


Andre Heinecke |  ++49-541-335083-262  |
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner