On 2016-01-14 21:06, Andrew Gallagher wrote:
Granted. And it does provide a speed bump to a potential attacker, so
is preferable to nothing. But it's not a long term solution.
I disagree. It's a "good enough" solution for many circumstances. And
we know by now how well the WoT works in many circumstances. Both have
their uses. But this has been discussed on the list multiple times. It's
fine if you disagree; but please don't phrase your words as fact when
it's such a contended issue.
Tofu does not guarantee identity persistence. Just because your
correspondence hasn't been obviously tampered with (yet) does not
mean
that someone hasn't been MITMing you all along and biding their time.
Isn't "MITM'ing all along" identity persistence then? It's quite
unfortunate it's the /wrong/ identity, but it's identity persistence in
my book, so I think you're using the terminology wrongly.
HTH,
Peter.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at
<http://digitalbrains.com/2012/openpgp-key-peter>
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
