TOFU for GnuPG

Neal H. Walfield neal at walfield.org
Sat Oct 31 21:27:09 CET 2015


At Sat, 31 Oct 2015 11:57:05 +0000,
MFPA wrote:
> > First, some statistics are displayed, namely, that
> > we've verified 5 messages signed by this key in the
> > past last hour.
> 
> 
> Would it say the same if it were not five unique messages? For
> example, we read the same email five times and verified it each
> time.

N is the number of unique signatures.  If you verify the message
signature multiple times, it will only count once.

> And would an option to limit the time period make sense? Meaning that
> if the limit were set to X days, it would use the actual time period
> if shorter but only say how many messages were verified in the last X
> days if the binding were older. (Having thought this sounded like a
> good idea, I am struggling to think of a use case.)

I'm sure we could do something like this, but it sounds like adding
complexity, which doesn't seem justified.

Thanks,

:) Neal



More information about the Gnupg-users mailing list