> On 14 Jan 2016, at 19:11, NdK <ndk.cla...@gmail.com> wrote:
>
> On 14/01/2016 18:04, Andrew Gallagher wrote:
>
>> ... which is why you should never use ToFU. There is no known method of
>> secure communication that does not involve out of band verification.
> I disagree.
> TOFU is what many users do anyway:

Granted. And it does provide a speed bump to a potential attacker, so is preferable to nothing. But it's not a long-term solution.

> identity persistence is often more
> important than "real" identity...

Tofu does not guarantee identity persistence. Just because your correspondence hasn't been obviously tampered with (yet) does not mean that someone hasn't been MITMing you all along and biding their time.

A

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users