On 23/06/17 11:14, Neal H. Walfield wrote: > No, both keys are set to ask. The key with a lot of observed > signatures could be bad. This could occur, if there is a MitM, but > the MitM has a small lapse, because, perhaps, you've used an > unintercepted network path to retreive the "new" signature & key.
So if I understand correctly, the "summary"/"validity" field merely affects the text that is displayed to the user when displaying TOFU statistics? Cheers, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
