TOFU for GnuPG

[MFPA]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Saturday 31 October 2015 at 8:27:09 PM, in
<mid:87twp67pia.wl-neal at walfield.org>, Neal H. Walfield wrote:


> N is the number of unique signatures.  If you verify
> the message signature multiple times, it will only
> count once.

Cool.



> I'm sure we could do something like this, but it sounds
> like adding complexity, which doesn't seem justified.

Yes, it seemed like a great suggestion until I tried to construct in
my mind a way in which it would be useful. (I think the idea occurred
to me when I was reading the discussion about whether GnuPG logging
how often I received emails from a particular sender was problematic.)



Another thought. New signatures from a key that has long been inactive
may arouse suspicion. Perhaps it would be useful to output how long
ago was the last message verified. For example:-

"66 messages signed over the past 3 years. The last was 1 year 10
months ago."



- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Always be on the lookout for conspicuousness
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJWNe6NXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXw7PsIAKhh8R/ObXpXJfzeBoh1Jfyr
hB35bJ+7rM51nH02/z28dwXas4gqq+sHG2pK4Jv7WaW4eJ5p5OUd7JyAoc6NinoT
z8MpnxoYraAFr9oufxXmbShSEVdiMnFxC/wSLxQmJA+cc4xKbXUzY+Tf8xxQl+Tf
WU2NGPf88FIQrTsHnILcZxfICqTYzc/RXZvpkVKdUhCgs/hPxrfU18NYwThnj9k4
nZi0zWlxsySzTN6OQZzsjxSj4U1aseUbIGnU3HJQ3x6BJ62kjuE/CzaXS+1H/4wc
akxtNxBiAGJAxGhBXdFh2LnRPwp4q8X+XZZSmjocC/zldy+suPRfEEotgJ4LfpOI
vgQBFgoAZgUCVjXull8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45MPhAQCvk5UQhm4oRvDjxSui3xG2aNKG
fHL1ZkDIMtXQkiACVAD/WuAkwWTnjoDWww5X8VPcgqYs/TuHc/FL6uoLXFJL4wo=
=fBRS
-----END PGP SIGNATURE-----