Question for app developers, like Enigmail etc. - Identicons

Kristian Fiskerstrand kristian.fiskerstrand at
Sun Jun 4 22:32:09 CEST 2017

On 06/04/2017 10:25 PM, Stefan Claas wrote:
> With Thunderbird/Enigmail (i can't speak for other apps) a user new to GnuPG
> and and not savvy with checking email headers and not carefully checking the
> fingerprint (he must click addionally on the Details button) and who has
> never
> signed a public key before would in my opinion have it easier if he would be
> presented with an additional visual fingerprint imho, because he would
> imediately
> spot after the second email if the pub-key, he not yet lsigned, that
> there is
> something wrong.
> If the visual fingerprint would be bullet-proof it would not hurt to
> implement
> such a feature, imho.

Any talk about visual inspection of consistency in fingerprint seems
like an implementation of a TOFU model rather than an actual trust
model? So instead of doing a manual visual inspection, you'd want the
tofu model in gpg 2.1?

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP keyblock at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Action is the foundational key to all success"
(Pablo Picasso)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170604/da10ef12/attachment.sig>

More information about the Gnupg-users mailing list