On Sun, 25 Jun 2017 20:09:13 +0200, Neal H. Walfield wrote: > At Fri, 23 Jun 2017 02:07:19 +0100, > MFPA wrote: > > On Wednesday 21 June 2017 at 7:49:42 PM, in > > <mid:ffb9b23c-b01b-44d0-3a75-6e5e474de...@digitalbrains.com>, Peter > > Lebbing wrote:- > > > > > I think it's a bad UX choice to > > > name an invalid > > > signature "UNTRUSTED Good" and a valid signature > > > "Good". I think it > > > suggests they both have some credibility, which is a > > > false suggestion. > > > > I thought "good signature" just meant the message has not been > > altered in transit. > > Nope. A MitM could have intercepted the message and replaced the body > with some other signed text (text that it possibly signed with a > "fake" key).
I asked this already in this thread, do you know what TOFU does when a man in the middle would replace (theoretically) one of my pub keys, modify the TOFU database , set's the Trust Level to Ultimate and then sends a message to me. Am i correct that even with a modified database TOFU would tell me, wait there is already one key (the original one) on a key server and this one is not the correct one. Regards Stefan
pgp5gZ7AStP1P.pgp
Description: Digitale Signatur von OpenPGP
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
