Werner Koch wk at
Thu Sep 1 10:15:50 CEST 2016

On Thu,  1 Sep 2016 08:34, mirimir at said:

> Ensuring that you keep talking to the same key is pretty easy. The
> hard thing is knowing what key is correct for someone who's defined
> only by an online presence. Where you have no WoT overlap. Comparing

You see signed message from someone and over time you build up trust.
Eventually you want to send a mail and the TOFU system will consider
that email/key valid due to the signatures gathered over time.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
 /* Join us at OpenPGP.conf  <> */
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 162 bytes
Desc: not available
URL: </pipermail/attachments/20160901/94b89556/attachment.sig>

More information about the Gnupg-users mailing list