Are TOFU statistics used for validity or conflict resolution?
peter at digitalbrains.com
Fri Jun 23 12:52:48 CEST 2017
On 23/06/17 11:14, Neal H. Walfield wrote:
> No, both keys are set to ask. The key with a lot of observed
> signatures could be bad. This could occur, if there is a MitM, but
> the MitM has a small lapse, because, perhaps, you've used an
> unintercepted network path to retreive the "new" signature & key.
So if I understand correctly, the "summary"/"validity" field merely
affects the text that is displayed to the user when displaying TOFU
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users