Key selection order

Peter Lebbing peter at
Thu Jan 14 22:26:19 CET 2016

On 2016-01-14 21:06, Andrew Gallagher wrote:
> Granted. And it does provide a speed bump to a potential attacker, so
> is preferable to nothing. But it's not a long term solution.

I disagree. It's a "good enough" solution for many circumstances. And 
we know by now how well the WoT works in many circumstances. Both have 
their uses. But this has been discussed on the list multiple times. It's 
fine if you disagree; but please don't phrase your words as fact when 
it's such a contended issue.

> Tofu does not guarantee identity persistence. Just because your
> correspondence hasn't been obviously tampered with (yet) does not 
> mean
> that someone hasn't been MITMing you all along and biding their time.

Isn't "MITM'ing all along" identity persistence then? It's quite 
unfortunate it's the /wrong/ identity, but it's identity persistence in 
my book, so I think you're using the terminology wrongly.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at 

More information about the Gnupg-users mailing list