On 05.06.17 01:05, Ben McGinnes wrote: > On Sun, Jun 04, 2017 at 10:47:56PM +0200, Stefan Claas wrote: >> I'm not yet familar with the TOFU model, but if it helps to spot a >> fake pub key imediately, in addition to the regular trust-model i >> see no reason why not. > That's pretty much exactly what it does. > > TOFU stands for Trust On First Use, so even if a key is not explicitly > trusted or signed, GPG will maintain a record of the number of times a > signed message has been seen from it, associated user IDs and email > addresses and so on. It will also report discrepancies. It's pretty > much how most people had been unofficially handling things anyway in > order to favour encryption even with unknown parties. > > It is, of course, another reason why people tend not to look back > after switching to GPG 2.1. >
Thank you very much for your explanation! This sounds excellent! Hope i can see this soon in GPGTools implemented too. Regards Stefan _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
