TOFU for GnuPG
Neal H. Walfield
neal at walfield.org
Sat Oct 31 21:27:09 CET 2015
At Sat, 31 Oct 2015 11:57:05 +0000,
> > First, some statistics are displayed, namely, that
> > we've verified 5 messages signed by this key in the
> > past last hour.
> Would it say the same if it were not five unique messages? For
> example, we read the same email five times and verified it each
N is the number of unique signatures. If you verify the message
signature multiple times, it will only count once.
> And would an option to limit the time period make sense? Meaning that
> if the limit were set to X days, it would use the actual time period
> if shorter but only say how many messages were verified in the last X
> days if the binding were older. (Having thought this sounded like a
> good idea, I am struggling to think of a use case.)
I'm sure we could do something like this, but it sounds like adding
complexity, which doesn't seem justified.
More information about the Gnupg-users