Handling a TOFU conflict

Andre Heinecke aheinecke at intevation.de
Thu Dec 8 20:13:38 CET 2016


On Thursday 08 December 2016 19:36:00 Werner Koch wrote:
> On Thu,  8 Dec 2016 11:34, neal at walfield.org said:
> > reasoned argument.  (If there was one please point me to it.)
> Aside from discussions here, we discussed this in person, on ohone, and
> on jabber several times.  I know that you write a paper where you argued
> that protecting against homograph is important.  I do not share this
> view, though.  What seems to be a homograph to one person it is a
> plausible different entity to another person.

for the record. I completely agree with werner here and this may hurt 
usability through false positives so much that automated crypto is not doable.

> > Then we'll have to disagree.  I would honestly and sincerely like to
> > hear what you think TOFU is trying to protect against.
> To detect and warn about a different key with the same mail address.

I'm also in agreement, I think TOFU is most important as a tool for automated 
encryption. And as long as I won't try to write mails to "T0FU at example.com" 
instead of "TOFU at example.com" this is a non issue.


Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20161208/c6578f79/attachment.sig>

More information about the Gnupg-devel mailing list