Peter Lebbing peter at
Fri Jun 30 18:38:45 CEST 2017

On 25/06/17 21:42, Stefan Claas wrote:
> I asked this already in this thread, do you know what TOFU does
> when a man in the middle would replace (theoretically) one of
> my pub keys, modify the TOFU database , set's the Trust Level
> to Ultimate and then sends a message to me.

That's not what a MitM is. A Man in the Middle has no access to the
endpoints, he's in between them, hence middle.

And as I said earlier, if your endpoint isn't secure (last time, I
phrased it as "if someone gets your user privileges"), it's game over.

Also, in regard to your earlier mention of "shouldn't 'Ultimate' be
differently coloured to recognize this scenario", note that your
scenario of ultimately trusting a key used for data signatures isn't the
only way.

Somebody could put their own public key in your keyring, assign that
Ultimate trust, and then certify another public key they wish to pop up
as valid. Ultimately trusted keys make other keys valid by their
certification. There is no way to see any difference between a key that
is fully valid because your own ultimately trusted key signed it or
because the attackers ultimately trusted key signed it. And since the
ultimately trusted key of the attacker isn't the one doing data
signatures, your "alternative colour" will not trigger.

There is *no* *way* to mitigate an attacker having your user privileges.

> Am i correct that
> even with a modified database TOFU would tell me, wait there
> is already one key (the original one) on a key server and this
> one is not the correct one.

No, the attacker could simply modify your database so it sees what it
expects to see, or put a little shell wrapper around the gpg binary that
filters out anything suspicious. Or do any of an infinite number of
nasty things.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170630/4c4b6f49/attachment.sig>

More information about the Gnupg-users mailing list