TOFU code available
Werner Koch
wk at gnupg.org
Thu Oct 22 14:29:05 CEST 2015
On Wed, 21 Oct 2015 13:29, aheinecke at intevation.de said:
>> Nope. We should not overload the Pinentry with functions it is not
>> designed for.
>
> I think it makes sense though. We already have pinentry asking for Root
> Certificate trust in S/MIME and imo the TOFU questions fall in the same
> category. It's just a dialog with a question and some options.

The difference is that there are only a few root certificates
(modulo self-signed stuff) but for Tofu the "root certificate" is
the key of the user. Thus you would have a Pinentry pop up for
each key.

> Some advantages I see:

Right.

My point is that the Pinentry should be rarely used for non-PIN
requests. Exceptions I see are Root CA fingerprints and security update
notification.

Salam-Shalom,
Werner
--
Thoughts are free. Exceptions are regulated by a federal law.