Handling a TOFU conflict

Werner Koch wk at gnupg.org
Fri Dec 9 11:30:19 CET 2016

On Thu,  8 Dec 2016 22:11, neal at walfield.org said:

> A homographic attack is not an attack on TOFU; it is an attack on the
> user.  TOFU can help prevent such attacks.

Maybe a TOFU system can helper.  However, this is not for what we use

> I agree that we want to use TOFU to provide weak authentication (i.e.,
> verify that entity X controls key Y).

TOFU means Trust on _First Use_ and that is what we need.  We trust the
mail address and its key on the first use and we want the TOFU code to
tell us about a conflict and help to resolve a possible conflict (i.e. a
a key with a mail address which is not legitimate).

> The difficult question is: how to we find an appropriate key for a
> given entity when we haven't verified the entity?  It is appealing to
> use TOFU, whose judgments are based on history, but this is a hack.

That is not the goal of TOFU.  To discover the key for a given address
we have other methods (DANE, WKD, signature verification).

> question: "If I want to send a message to bob at example.com what is the
> best key?"  How exactly this works is an implementation detail, but it

That is not the question.  There will only be one key for
bob at example.com.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 194 bytes
Desc: not available
URL: </pipermail/attachments/20161209/3063606f/attachment-0001.sig>

More information about the Gnupg-devel mailing list