TOFU

Stefan Claas stefan.claas at posteo.de
Thu Jun 8 22:33:19 CEST 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 07.06.17 14:24, Peter Lebbing wrote:
> I hope Enigmail will add the TOFU statistics to the displayed > information. Or maybe they already did, I see that I'm using Debian >
jessie's enigmail package for Enigmail, and Debian jessie/stable has >
pretty old packages (well maintained, but old). > I did a test today
with Enigmail and with TOFU in command line mode.
I posted 3 messages with a fantasy name to a Usenet test group where
the 3rd message was signed with a fake key and Enigmail showed me this:

UNTRUSTED Good signature from Ernst Mustermann <em at example.com>
Key ID: 0x4608CFA2 / Signed on: 08.06.17, 21:07

UNTRUSTED Good signature from Ernst Mustermann <em at example.com>
Key ID: 0x4608CFA2 / Signed on: 08.06.17, 21:08

UNTRUSTED Good signature from Ernst Mustermann <em at example.com>
Key ID: 0x4608CFA2 / Signed on: 08.06.17, 21:17

(It's the usual message under macOS with the blue bar. Note: with auto
key retrival on.)

Then i downloaded all messages run them through GnuPG and on the first
message TOFU already told me that there are 3 equal email addresses!

Regards
Stefan



-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEK6+F+SgavVQ4I8fFmB63w4LsUrQFAlk5tIgACgkQmB63w4Ls
UrRENwgA5AdTLLyqXMweycHoQcxFjzi5wdZv/t9KxYCTlYDLAQDkmabD9Gzcdfbe
4x/wc/RbIB9alJ/GPBgtNvl4xrljGQhw20pA2ppbe/YS2hnIHlmWgyscNj1168cc
sGOBAU2ZlX2CGRpDe/9cbuF5pj9/l8jeCFQGaY1RKp5DkXFZr4svxC3CnCd3p94t
6ROhxjls8R0SkGvBHls8Cm6bRoACETkRITHd5y5WbMmzWQFLoAWfl3ekxYt2Q46c
XxLCRBQvxg0R6zngmuciZLBsCe94+xsNiqRZ+Q9GFAagobSaGZso+aSquqguU35G
mOpxm07iEgU1YeAGS67tLTTxWGv0HQ==
=mpGy
-----END PGP SIGNATURE-----





More information about the Gnupg-users mailing list