Are TOFU statistics used for validity or conflict resolution?
Peter Lebbing
peter at digitalbrains.com
Fri Jun 23 12:52:48 CEST 2017
On 23/06/17 11:14, Neal H. Walfield wrote:
> No, both keys are set to ask. The key with a lot of observed
> signatures could be bad. This could occur, if there is a MitM, but
> the MitM has a small lapse, because, perhaps, you've used an
> unintercepted network path to retreive the "new" signature & key.
So if I understand correctly, the "summary"/"validity" field merely
affects the text that is displayed to the user when displaying TOFU
statistics?
Cheers,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170623/939d0725/attachment.sig>
More information about the Gnupg-users
mailing list