TOFU: interacting with the user
Neal H. Walfield
neal at walfield.org
Thu Oct 22 15:29:17 CEST 2015
At Thu, 22 Oct 2015 15:16:16 +0200,
Werner Koch wrote:
>
> On Wed, 21 Oct 2015 15:35, neal at walfield.org said:
>
> > Second, pinentry doesn't currently support TOFU's queries! When a
>
> Right, this is on purpose. When not using Tofu and the key can't be
> verified, gpg already asks the user whether to use the key anyway.
> There has never been a request to move this to Pinentry. Instead the
> calling application should display a warning that the key can't be used
> but allow the user to override this (using GPGME_ENCRYPT_ALWAYS_TRUST).

I think I wasn't clear. This is a technical limitation in pinentry.
Pinentry supports 3 options (buttons). TOFU requires 5 options. This
issue is orthogonal to any policy decision that we may or may not
want.

> > key. There are five choices (good, accept once, unknown, reject one,
> > bad). Currently, pinentry only supports up to three buttons. A hack
>
> Similar to what we have now: "yes", "no" ;-)

I'm not sure what you are referring to here.

Thanks,
:) Neal