Handling a TOFU conflict
Andre Heinecke
aheinecke at intevation.de
Thu Dec 8 20:13:38 CET 2016
Hi,
On Thursday 08 December 2016 19:36:00 Werner Koch wrote:
> On Thu, 8 Dec 2016 11:34, neal at walfield.org said:
> > reasoned argument. (If there was one please point me to it.)
>
> Aside from discussions here, we discussed this in person, on ohone, and
> on jabber several times. I know that you write a paper where you argued
> that protecting against homograph is important. I do not share this
> view, though. What seems to be a homograph to one person it is a
> plausible different entity to another person.
for the record. I completely agree with werner here and this may hurt
usability through false positives so much that automated crypto is not doable.
> > Then we'll have to disagree. I would honestly and sincerely like to
> > hear what you think TOFU is trying to protect against.
>
> To detect and warn about a different key with the same mail address.
I'm also in agreement, I think TOFU is most important as a tool for automated
encryption. And as long as I won't try to write mails to "T0FU at example.com"
instead of "TOFU at example.com" this is a non issue.
Regards,
Andre
--
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20161208/c6578f79/attachment.sig>
More information about the Gnupg-devel
mailing list