At Fri, 23 Jun 2017 12:52:48 +0200, Peter Lebbing wrote: > > [1 <text/plain; utf-8 (quoted-printable)>] > On 23/06/17 11:14, Neal H. Walfield wrote: > > No, both keys are set to ask. The key with a lot of observed > > signatures could be bad. This could occur, if there is a MitM, but > > the MitM has a small lapse, because, perhaps, you've used an > > unintercepted network path to retreive the "new" signature & key. > > So if I understand correctly, the "summary"/"validity" field merely > affects the text that is displayed to the user when displaying TOFU > statistics?
It's up to the GPG client to interpret it. This document (authored by Andre and me) has some recommendations for MUAs: https://wiki.gnupg.org/EasyGpg2016/AutomatedEncryption :) Neal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
