TOFO trust model should recognize ultimately trusted keys

Neal H. Walfield neal at
Wed Oct 21 13:58:02 CEST 2015

Hi Andre,

Thanks for the feedback and your help with debugging yesterday!

At Tue, 20 Oct 2015 19:46:23 +0200,
Andre Heinecke wrote:
> On Sunday 18 October 2015 19:03:22 Neal H. Walfield wrote:
> Using trust model "tofu+pgp":
> - Binding problems occured with my own keys (having multiple UId's on different 
> keys). I find it strange that I am asked if one of my own keys is "Good". I 
> would suggest that you can just assume an answer of "Good" in case the key is 
> signed by a key with ultimate trust or is itself ultimately trusted.

I've checked in some code so that both the tofu and the tofu+pgp
models will recognize ultimately trusted keys as good.  I don't think
the TOFU model should consider signatures at all.  This is what the
pgp part of the tofu+pgp model is for.



More information about the Gnupg-devel mailing list