TOFU

[Stefan Claas]

Am 07.06.2017 um 14:24 schrieb Peter Lebbing:

> On 07/06/17 13:49, Stefan Claas wrote:
>> In Enigmail with the blue and green bar (without showing statistics) it
>> would simply mean
>> that it switches from green to blue, right?
> Not necessarily!
>
> I don't know if Enigmail checks whether the From: is equal to the key
> UID, but we're talking about look-alike addresses here, not completely
> equal addresses, so even that wouldn't help.
>
> It would, depending on tofu-default-policy, potentially be marked as
> Good with a green bar! It is from a new key from an e-mail address never
> before seen. With the default tofu-default-policy, it would *not* be
> green, because it would only get marginal validity. But with
> tofu-default-policy good, it would get marked as valid because there
> doesn't seem to be anything wrong with it. It's only a visual similarity
> that fools the user, but a computer is an exact device and doesn't know
> they look similar to you.
>
> I hope Enigmail will add the TOFU statistics to the displayed
> information. Or maybe they already did, I see that I'm using Debian
> jessie's enigmail package for Enigmail, and Debian jessie/stable has
> pretty old packages (well maintained, but old).
>
>
Thank you very much for the Information! Then i have to wait until an
Enigmail with TOFU version will be released to see how it works.

Since TOFU interests me very much i will check what command line based
email clients with GnuPG support for OS X are available and run then
some tests from different email accounts.

Regards
Stefan