trust-model and federated lookups
Bernhard Reiter
bernhard at intevation.de
Mon Oct 25 12:24:26 CEST 2021
Hi Phil,
On Friday, 22 October 2021 17:00:11, Phil Pennock via Gnupg-users wrote:
> I think what I _want_ is `trust-model pgp+federated+tofu`, which means,
> in order: (1) any sigs from the WoT; (2) origin information from the
> key, if the origin shows the key was safely retrieved from a federated
> origin in a provable way (WKD, various DNSSEC storage options, etc); (3)
> TOFU as a fallback if there's nothing better.
>
> I might even just want `trust-model pgp+federated` if I'm feeling more
> cautious. But in reality tofu helps a little.
>
> Does this make sense to people? Is there a security problem with this?
> Does this seem like a reasonable feature request?
Yes, not really, yes. ;)
To me it is important that the behaviour of the application using this
information is ideally not black and white, you probably know
https://wiki.gnupg.org/AutomatedEncryption
which is a vision of how email clients can deal with pubkeys that they have
different levels of confidence in.
Best Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner