Key selection order

Doug Barton dougb at
Fri Jan 15 20:27:43 CET 2016

On 01/14/2016 01:41 PM, NdK wrote:
> Il 14/01/2016 21:06, Andrew Gallagher ha scritto:
>> >Tofu does not guarantee identity persistence. Just because your correspondence hasn't been obviously tampered with (yet) does not mean that someone hasn't been MITMing you all along and biding their time.
> As usual, it depends on your attack scenario.
> If I have 10-years-old mails from someone I've never met, and all use
> the same key, I can assume that either 1) that identity belongs to the
> same person or 2) that an attacker MITMed*all*  my connections (from
> every device I've had wherever I was and to every service I used).
> Occam's razor and my "exposure profile" make me think it's 1):)

There are several more possible scenarios. The most plausible of which 
would be 3) Your correspondent is being coerced, and 4) Your 
correspondent has lost control of the key, and the new correspondent is 
skilled at mimicking the "real" one. Of course neither of those 
scenarios is defensible with either key verification strategy.

> In other words,*time*  can be considered an 'out of band' channel.

It really can't ... if anything time increases the likelihood that the 
original key holder has lost control of the key.


More information about the Gnupg-users mailing list