TOFU code available
Neal H. Walfield
neal at walfield.org
Thu Oct 22 15:06:57 CEST 2015
At Thu, 22 Oct 2015 14:29:05 +0200,
Werner Koch wrote:
> On Wed, 21 Oct 2015 13:29, aheinecke at intevation.de said:
> >> Nope. We should not overload the Pinentry with functions it is not
> >> designed for.
> > I think it makes sense though. We already have pinentry asking for Root
> > Certificate trust in S/MIME and imo the TOFU questions fall in the same
> > category. It's just a dialog with a question and some options.
> The difference is that there are only a few root certificates
> (modulo self-signed stuff) but for Tofu the "root certificate" is
> the key of the user. Thus you would have a Pinentry pop up for
> each key.
This is not the case. We only require user interaction if there is a
conflict. The default policy is to silently set the policy to auto.
Moreover, the user of pinentry doesn't change the number of user
interactions so this is a bit of a red herring.
More information about the Gnupg-devel