Are TOFU statistics used for validity or conflict resolution?

Teemu Likonen tlikonen at
Thu Jun 22 19:32:48 CEST 2017

Teemu Likonen [2017-06-22 09:42:50+03] wrote:

> Does the SUMMARY field's value (0-4) have an effect on how a key's
> validity is calculated or how TOFU conflicts are resolved or presented
> to a user?

I didn't get answers yet but I'll speculate a bit on the subject. This
is all about "trust-model tofu" and assume that I have _not_ set
"--tofu-policy" manually.

Let's say that I have a key which has been used to verify a couple of
signatures. Then there comes another key with a conflicting email
address. It seems that tofu goes to "ask" mode for _both_ keys (user
ids). The user needs to decide and set the tofu policy for both.

Then let's say I have a key which has been used to verify a hundred or
so signatures. In --status-fd's TOFU_STATS <summary> it gets a higher
value, say 4. Then the keyring gets a new key with a conflicting email
address. Does gpg again set both keys (user ids) to tofu's "ask" mode or
does this higher number of good verifications automatically keep the
first key in "auto" mode and only the new key is set to "ask" mode?

/// Teemu Likonen   - .-..   <> //
// PGP: 4E10 55DC 84E9 DFF6 13D7 8557 719D 69D3 2453 9450 ///