Are TOFU statistics used for validity or conflict resolution?

Neal H. Walfield neal at
Thu Jun 22 20:31:41 CEST 2017

At Thu, 22 Jun 2017 09:42:50 +0300,
Teemu Likonen wrote:
> It _seems_ to me that 
>     - Field 3 :: validity -  A number with validity code.
> is the same thing as SUMMARY in TOFU_STATS. Am I right?
> And here's my question again: Does the SUMMARY field's value (0-4) have
> effect on how key's validity is calculated or how TOFU conflicts are
> resolved or presented to a user?

TOFU influences validity.

By default, all known keys are marginally trusted in the TOFU model.
(This is more or less the "first use" bit of "trust on first use".)
In TOFU, the validity of a key is set to unknown if there is an
unresolved conflict.  The user can resolve a conflict either
positively (in which case the validity is full) or negatively (in
which case the validity is never).  Note: this means that it is
possible to make negative assertions when using TOFU, which is not
possible when using WoT.

The summary field in TOFU_STATS is a summary of the key's use.  The
basic idea is that in the absence of facts to the contrary, at the
limit (an infinite number of uses), a given key must have been the
right one (or is indistinguishable from the correct key, which is just
as good, because it means that nothing bad ever happened).  In other
words, a key that has been used for years is more likely to be the
correct one, then one that I've only used once.  In the former case,
I've had many more opportunities to detect a MitM attack.  The summary
field captures this using a simple scale that applications can then
somehow display to the user.  This is currently used by kmail and the
Outlook plug-in.


:) Neal

More information about the Gnupg-users mailing list