Handling a TOFU conflict
Neal H. Walfield
neal at walfield.org
Thu Dec 8 11:34:26 CET 2016
On Thu, 08 Dec 2016 11:23:30 +0100,
Werner Koch wrote:
> On Thu, 8 Dec 2016 10:19, neal at walfield.org said:
>
> > Say we have a at example.org and a at example.org (the first a is a latin a
> > and the second a is a Cyrillic a) and we internally normalize them to
>
> As I already mentioned, we won't normalize anything.
Well, you're the boss. Nevertheless, I'd still like to hear a
reasoned argument. (If there was one please point me to it.)
>
> > TOFU is about monitoring bindings to detect conflicts. If we don't
>
> TOFU at example.org and T0FU at example.org are different identities - even if
> you can't see that immediately. _We_ do not need to bother, a MUA _may_
> give a hint that they look similar but that has nothing to do with
> TOFU.
Then we'll have to disagree. I would honestly and sincerely like to
hear what you think TOFU is trying to protect against.
More information about the Gnupg-devel
mailing list