Key selection order

Robert J. Hansen rjh at
Thu Jan 14 23:36:00 CET 2016

> Granted. And it does provide a speed bump to a potential attacker, so
> is preferable to nothing. But it's not a long term solution.

Beware all absolutes.  There are lots of situations in which TOFU works
*just fine* as a long-term solution.  Remember, the truest answer in
cryptography is, "It depends a lot on the situation."

I've known vedaal for what, coming up on 20 years now, vedaal?  I've
never used any verification for him besides TOFU.  Works just fine for
us.  There's a decent chance it's been working for us longer than you've
been alive.  :)

I think people have a vast misunderstanding about the TOFU threat model.
 If you are already under active attack by a well-funded adversary, then
yes, you're screwed: don't use TOFU.  But if you're not, then TOFU
allows you a much easier way to build and develop your own personal Web
of Trust in ways that make it much harder for an active attacker to
later on subvert your communications.

> Tofu does not guarantee identity persistence.

Neither does the WoT.  What does, for that matter?

More information about the Gnupg-users mailing list