Hi Phil,

On Friday, 22 October 2021 17:00:11, Phil Pennock via Gnupg-users wrote:
> I think what I _want_ is `trust-model pgp+federated+tofu`, which means,
> in order: (1) any sigs from the WoT; (2) origin information from the
> key, if the origin shows the key was safely retrieved from a federated
> origin in a provable way (WKD, various DNSSEC storage options, etc); (3)
> TOFU as a fallback if there's nothing better.
>
> I might even just want `trust-model pgp+federated` if I'm feeling more
> cautious.  But in reality tofu helps a little.
>
> Does this make sense to people?  Is there a security problem with this?
> Does this seem like a reasonable feature request?

Yes, not really, yes. ;)

To me it is important that the behaviour of the application using this
information is ideally not black and white, you probably know
  
  https://wiki.gnupg.org/AutomatedEncryption

which is a vision of how email clients can deal with pubkeys that they have
different levels of confidence in.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
