TOFU for GnuPG

Andre Heinecke aheinecke at
Fri Oct 30 13:23:14 CET 2015


On Thursday 29 October 2015 22:28:54 Neal H. Walfield wrote:
> At Thu, 29 Oct 2015 18:48:43 +0100,
> Johannes Zarl-Zierl wrote:
> > Out of curiosity: Does the TOFU implementation for gpg already allow for
> > key transition statements / is this planned for some point in the future?
> Unfortunately, it doesn't.  This is because there is currently no
> standard way to communicate the id of the new key.  I've proposed a
> solution for this for the next OpenPGP version, which is currently
> being worked on.  There appears to be some interest, but unfortunately I
> haven't had time to work on that recently.

I don't fully understand why you need formalized transition statements.
Couldn't you just treat Key / UIDs that are signed by each other as "two valid
keys for this UID"?

So when I transition to another key I just sign it with the old key and GnuPG
can detect that and not show a warning about it?

This would also solve the problem that some users may have multiple keys with
the same UIDs which are both valid.


Andre Heinecke |  ++49-541-335083-262  |
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
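The policy Andre sketches above, as an added illustration that is not part of this thread or of GnuPG: a toy TOFU binding store that records the first key seen for a UID and, when a second key shows up, raises a conflict unless the old and new keys have certified each other's copy of that UID. The fingerprints, UID and the `Key`/`TofuStore` classes are constructed for the example; signature verification is assumed to have happened before `certify` is called.

```python
# Constructed model of "treat keys that are signed by each other as two valid
# keys for this UID" inside a TOFU store. Not GnuPG code.
from dataclasses import dataclass, field


@dataclass
class Key:
    fpr: str                               # fingerprint (placeholder values below)
    uids: set = field(default_factory=set)
    # uid -> fingerprints of keys whose certification on that uid verified
    certified_by: dict = field(default_factory=dict)

    def certify(self, other, uid):
        """Record that this key certified `uid` on `other` (signature check assumed)."""
        assert uid in other.uids
        other.certified_by.setdefault(uid, set()).add(self.fpr)


class TofuStore:
    def __init__(self):
        self.bindings = {}  # uid -> set of fingerprints already bound to it

    def check(self, uid, key, keyring):
        """Classify a (uid, key) sighting as 'new', 'known', 'transition' or 'conflict'."""
        seen = self.bindings.setdefault(uid, set())
        if key.fpr in seen:
            return "known"
        if not seen:
            seen.add(key.fpr)          # first use: bind it, as plain TOFU does
            return "new"
        # A second key is accepted silently only when some already-bound key and the
        # new key have each certified the other's UID; a one-way certification alone
        # is treated as a conflict, since it does not show both keys were held together.
        for old_fpr in seen:
            old_signs_new = old_fpr in key.certified_by.get(uid, set())
            new_signs_old = key.fpr in keyring[old_fpr].certified_by.get(uid, set())
            if old_signs_new and new_signs_old:
                seen.add(key.fpr)
                return "transition"
        return "conflict"


def demo():
    """Walk a key rollover for one UID and return the verdict at each step."""
    uid = "Alice <alice@example.org>"
    old, new = Key("AAAA0001", {uid}), Key("BBBB0002", {uid})
    keyring = {k.fpr: k for k in (old, new)}
    store = TofuStore()
    verdicts = [store.check(uid, old, keyring), store.check(uid, old, keyring)]
    verdicts.append(store.check(uid, new, keyring))   # no cross-certification yet
    old.certify(new, uid)
    verdicts.append(store.check(uid, new, keyring))   # old -> new only
    new.certify(old, uid)
    verdicts.append(store.check(uid, new, keyring))   # mutual: accepted
    return verdicts + [store.check(uid, new, keyring)]
```

Run `demo()` to see the verdicts move from conflict to transition only once both certifications are present.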
