Key selection order

Lachlan Gunn lachlan at
Thu Jan 14 19:48:29 CET 2016

Sure, but you have to bootstrap somehow.  TOFU doesn't come into play until
after you've received a response anyway, so unless you can find the key
through some out-of-band source, then for the initial contact you have to
choose between either making an educated guess as to what the key is, or
sending in the clear.  Even if the key ends up being wrong then at least
there's only one potential attacker, and the game is up the moment you get
an unmodified email from the real guy via mailing lists, forwarding, etc.

I'm not saying that we should all just blindly accept whatever the
keyservers say, I just wanted to know whether there was anything useful
that one could do with the current infrastructure when they _knew_ that
they were already under attack.


2016-01-14 19:09 GMT+01:00 Robert J. Hansen <rjh at>:

> > Yes, of course. I'm just wondering whether there's anything that I can
> > do to increase the probability that a user who looks me up and emails me
> > out of nowhere will get the right key.
> Tell them to look you up by fingerprint.  Problem solved.
> > This breaks the "look up key and then just use ToFU" workflow...
> No, it breaks up the "grab a random certificate that claims to be mine
> and just use it" workflow, which is stupid, and isn't even what the TOFU
> advocates suggest.
> TOFU is built on trusting certificates that are used in received mail.
> If you receive a mail signed by 0xB44427C7, TOFU says "you should
> probably trust this is from rjh at"
> But if you don't already have the certificate, and you're looking for it
> on a keyserver, TOFU says "you should really pull it down by long key ID
> or fingerprint."
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160114/60630d3e/attachment-0001.html>

More information about the Gnupg-users mailing list