On 06/04/2017 10:25 PM, Stefan Claas wrote: > With Thunderbird/Enigmail (i can't speak for other apps) a user new to GnuPG > and and not savvy with checking email headers and not carefully checking the > fingerprint (he must click addionally on the Details button) and who has > never > signed a public key before would in my opinion have it easier if he would be > presented with an additional visual fingerprint imho, because he would > imediately > spot after the second email if the pub-key, he not yet lsigned, that > there is > something wrong. > > If the visual fingerprint would be bullet-proof it would not hurt to > implement > such a feature, imho.
Any talk about visual inspection of consistency in fingerprint seems like an implementation of a TOFU model rather than an actual trust model? So instead of doing a manual visual inspection, you'd want the tofu model in gpg 2.1? -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- "Action is the foundational key to all success" (Pablo Picasso)
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users