Il 14/01/2016 18:04, Andrew Gallagher ha scritto: > ... which is why you should never use ToFU. There is no known method of > secure communication that does not involve out of band verification. I disagree. TOFU is what many users do anyway: identity persistence is often more important than "real" identity... And harder to fake by any opponent (governments would have no problem creating "fake" identity cards, passports or anything -- after all that's what they usually do for "real" ones!). On the other hand, if you saw mails from a single address signed by the same identity for years, chances are that it's the same person, even if the name on the identity card is different.
BYtE, Diego _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
