TOFU for GnuPG

Neal H. Walfield neal at
Tue Nov 3 16:34:39 CET 2015

At Tue, 03 Nov 2015 16:10:24 +0100,
Andre Heinecke wrote:
> Don't we need to look up the new key anyway to make validity decisions? Until
> then we assume "Unknown" trust.

In the verify case, yes.  But what about the sign case?  We just see
that the old key has been revoked, but we don't know what the new key


:) Neal

More information about the Gnupg-users mailing list