On 04.06.17 22:32, Kristian Fiskerstrand wrote:
> On 06/04/2017 10:25 PM, Stefan Claas wrote:
>> With Thunderbird/Enigmail (I can't speak for other apps) a user new
>> to GnuPG and not savvy with checking email headers and not carefully
>> checking the fingerprint (he must click additionally on the Details
>> button) and who has never signed a public key before would in my
>> opinion have it easier if he would be presented with an additional
>> visual fingerprint imho, because he would immediately spot after the
>> second email if the pub-key, he not yet lsigned, that there is
>> something wrong.
>>
>> If the visual fingerprint would be bullet-proof it would not hurt to
>> implement such a feature, imho.
> Any talk about visual inspection of consistency in fingerprint seems
> like an implementation of a TOFU model rather than an actual trust
> model? So instead of doing a manual visual inspection, you'd want the
> tofu model in gpg 2.1?
>

I'm not yet familiar with the TOFU model, but if it helps to spot a fake
pub key immediately, in addition to the regular trust-model I see no
reason why not.

Regards
Stefan