TOFU (was: Question for app developers, like Enigmail etc. - Identicons)
peter at digitalbrains.com
Wed Jun 7 14:24:45 CEST 2017
On 07/06/17 13:49, Stefan Claas wrote:
> In Enigmail with the blue and green bar (without showing statistics) it
> would simply mean
> that it switches from green to blue, right?
I don't know if Enigmail checks whether the From: is equal to the key
UID, but we're talking about look-alike addresses here, not completely
equal addresses, so even that wouldn't help.
It would, depending on tofu-default-policy, potentially be marked as
Good with a green bar! It is from a new key from an e-mail address never
before seen. With the default tofu-default-policy, it would *not* be
green, because it would only get marginal validity. But with
tofu-default-policy good, it would get marked as valid because there
doesn't seem to be anything wrong with it. It's only a visual similarity
that fools the user, but a computer is an exact device and doesn't know
they look similar to you.
I hope Enigmail will add the TOFU statistics to the displayed
information. Or maybe they already did, I see that I'm using Debian
jessie's enigmail package for Enigmail, and Debian jessie/stable has
pretty old packages (well maintained, but old).
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users