On 06/04/2017 10:25 PM, Stefan Claas wrote:
> With Thunderbird/Enigmail (i can't speak for other apps) a user new to GnuPG
> and and not savvy with checking email headers and not carefully checking the
> fingerprint (he must click addionally on the Details button) and who has
> never
> signed a public key before would in my opinion have it easier if he would be
> presented with an additional visual fingerprint imho, because he would
> imediately
> spot after the second email if the pub-key, he not yet lsigned, that
> there is
> something wrong.
> 
> If the visual fingerprint would be bullet-proof it would not hurt to
> implement
> such a feature, imho.

Any talk about visual inspection of consistency in fingerprint seems
like an implementation of a TOFU model rather than an actual trust
model? So instead of doing a manual visual inspection, you'd want the
tofu model in gpg 2.1?

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Action is the foundational key to all success"
(Pablo Picasso)

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to