trust-model and federated lookups

Bernhard Reiter bernhard at
Mon Oct 25 12:24:26 CEST 2021

Hi Phil,

Am Freitag 22 Oktober 2021 17:00:11 schrieb Phil Pennock via Gnupg-users:
> I think what I _want_ is `trust-model pgp+federated+tofu`, which means,
> in order: (1) any sigs from the WoT; (2) origin information from the
> key, if the origin shows the key was safely retrieved from a federated
> origin in a provable way (WKD, various DNSSEC storage options, etc); (3)
> TOFU as a fallback if there's nothing better.
> I might even just want `trust-model pgp+federated` if I'm feeling more
> cautious.  But in reality tofu helps a little.
> Does this make sense to people?  Is there a security problem with this?
> Does this seem like a reasonable feature request?

Yes, not really, yes. ;)

To me it is important that the behaviour of the application using this 
information is ideally not black and white, you probabaly now

which is a vision how email clients can deal with pubkeys that they have 
different levels of confidence in.

Best Regards,

--   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <>

More information about the Gnupg-users mailing list