Key selection order

NdK ndk.clanbo at
Thu Jan 14 20:11:33 CET 2016

Il 14/01/2016 18:04, Andrew Gallagher ha scritto:

> ... which is why you should never use ToFU. There is no known method of
> secure communication that does not involve out of band verification.
I disagree.
TOFU is what many users do anyway: identity persistence is often more
important than "real" identity... And harder to fake by any opponent
(governments would have no problem creating "fake" identity cards,
passports or anything -- after all that's what they usually do for
"real" ones!). On the other hand, if you saw mails from a single address
signed by the same identity for years, chances are that it's the same
person, even if the name on the identity card is different.


More information about the Gnupg-users mailing list