Are TOFU statistics used for validity or conflict resolution?

Peter Lebbing peter at
Fri Jun 23 12:52:48 CEST 2017

On 23/06/17 11:14, Neal H. Walfield wrote:
> No, both keys are set to ask.  The key with a lot of observed
> signatures could be bad.  This could occur, if there is a MitM, but
> the MitM has a small lapse, because, perhaps, you've used an
> unintercepted network path to retrieve the "new" signature & key.

So if I understand correctly, the "summary"/"validity" field merely
affects the text that is displayed to the user when displaying TOFU



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>
