Are TOFU statistics used for validity or conflict resolution?

Neal H. Walfield neal at
Fri Jun 23 11:14:31 CEST 2017

At Thu, 22 Jun 2017 20:32:48 +0300,
Teemu Likonen wrote:
> Teemu Likonen [2017-06-22 09:42:50+03] wrote:
> > Does the SUMMARY field's value (0-4) have effect on how key's validity
> > is calculated or how TOFU conflicts are resolved or presented to a
> > user?
> I didn't get answers yet but I'll speculate a bit on the subject. This
> is all about "trust-model tofu" and assume that I have _not_ set
> "--tofu-policy" manually.
> Let's say that I have a key which has been used to verify a couple of
> signatures. Then there comes another key with conflicting email address.
> It seems that tofu goes to "ask" mode for _both_ keys (user ids). User
> needs to decide and set the tofu policy for both.


> Then let's say I have a key which has been used to verify hundred or so
> signatures. In --status-fd's TOFU_STATS <summary> it gets higher value,
> say 4. Then the keyring gets a new key with conflicting email address.
> Does gpg again set both keys (user ids) to tofu's "ask" mode or does
> this higher number of good verifications automatically keep the first
> key in "auto" mode and only the new key is set to "ask" mode?

No, both keys are set to ask.  The key with a lot of observed
signatures could be bad.  This could occur, if there is a MitM, but
the MitM has a small lapse, because, perhaps, you've used an
unintercepted network path to retreive the "new" signature & key.

More information about the Gnupg-users mailing list