On 07/06/17 13:49, Stefan Claas wrote: > In Enigmail with the blue and green bar (without showing statistics) it > would simply mean > that it switches from green to blue, right?
Not necessarily! I don't know if Enigmail checks whether the From: is equal to the key UID, but we're talking about look-alike addresses here, not completely equal addresses, so even that wouldn't help. It would, depending on tofu-default-policy, potentially be marked as Good with a green bar! It is from a new key from an e-mail address never before seen. With the default tofu-default-policy, it would *not* be green, because it would only get marginal validity. But with tofu-default-policy good, it would get marked as valid because there doesn't seem to be anything wrong with it. It's only a visual similarity that fools the user, but a computer is an exact device and doesn't know they look similar to you. I hope Enigmail will add the TOFU statistics to the displayed information. Or maybe they already did, I see that I'm using Debian jessie's enigmail package for Enigmail, and Debian jessie/stable has pretty old packages (well maintained, but old). HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
