At Thu, 22 Jun 2017 09:42:50 +0300, Teemu Likonen wrote:
> It _seems_ to me that
>
> - Field 3 :: validity - A number with validity code.
>
> is the same thing as SUMMARY in TOFU_STATS. Am I right?
>
> And here's my question again: Does the SUMMARY field's value (0-4) have
> effect on how key's validity is calculated or how TOFU conflicts are
> resolved or presented to a user?

TOFU influences validity. By default, all known keys are marginally trusted in the TOFU model. (This is more or less the "first use" bit of "trust on first use".) In TOFU, the validity of a key is set to unknown if there is an unresolved conflict. The user can resolve a conflict either positively (in which case the validity is full) or negatively (in which case the validity is never). Note: this means that it is possible to make negative assertions when using TOFU, which is not possible when using WoT.

The summary field in TOFU_STATS is a summary of the key's use. The basic idea is that in the absence of facts to the contrary, at the limit (an infinite number of uses), a given key must have been the right one (or is indistinguishable from the correct key, which is just as good, because it means that nothing bad ever happened). In other words, a key that has been used for years is more likely to be the correct one than one that I've only used once. In the former case, I've had many more opportunities to detect a MitM attack. The summary field captures this using a simple scale that applications can then somehow display to the user. This is currently used by kmail and the Outlook plug-in.

HTH,

:) Neal