Handling a TOFU conflict
Neal H. Walfield
neal at walfield.org
Thu Dec 8 20:41:43 CET 2016
On Thu, 08 Dec 2016 20:13:38 +0100,
Andre Heinecke wrote:
> On Thursday 08 December 2016 19:36:00 Werner Koch wrote:
> > On Thu, 8 Dec 2016 11:34, neal at walfield.org said:
> > > reasoned argument. (If there was one please point me to it.)
> >
> > Aside from discussions here, we discussed this in person, on ohone, and
> > on jabber several times. I know that you write a paper where you argued
> > that protecting against homograph is important. I do not share this
> > view, though. What seems to be a homograph to one person it is a
> > plausible different entity to another person.
>
> for the record. I completely agree with werner here and this may hurt
> usability through false positives so much that automated crypto is not doable.
I find it hard to imagine that detecting homographic-based conflicts
would introduce many false positives.
> > > Then we'll have to disagree. I would honestly and sincerely like to
> > > hear what you think TOFU is trying to protect against.
> >
> > To detect and warn about a different key with the same mail address.
>
> I'm also in agreement, I think TOFU is most important as a tool for automated
> encryption. And as long as I won't try to write mails to "T0FU at example.com"
> instead of "TOFU at example.com" this is a non issue.
Serious question: what is this tool (i.e., TOFU) supposed to do? That
is, how is it supposed to help automated encryption?
Thanks,
:) Neal
More information about the Gnupg-devel
mailing list