Re: Default trust-model TOFU

2019-03-10 Thread Werner Koch
On Fri, 8 Mar 2019 20:21, tliko...@iki.fi said: > have plans for that, to set the default trust model to "tofu" or > "tofu+pgp"? I am still not convinced that the UI as implemented on the command line is better than what we have now. It looks more complicated than w

Default trust-model TOFU

2019-03-08 Thread Teemu Likonen
Werner Koch [2019-03-08 09:15:43+01] wrote: > If you plan to take part in that nerdy key signing game, [...] Maybe you refer only to key signing parties as nerdy things but I think the whole social web of trust concept is very nerdy. It's useless for most people and I'd say that TOFU model wo

Re: Two utilities: gpg-tofu and gpg-graph

2019-03-03 Thread Teemu Likonen
Teemu Likonen [2019-02-17 08:23:38+02] wrote: > I have made two utilities to help my usage of gpg. [...] > gpg-tofu > gpg-graph I moved these utilities to a new combined repository: https://github.com/tlikonen/gpg-utilities There is also a new tool gpg-cert-path which find the

Re: Two utilities: gpg-tofu and gpg-graph

2019-02-18 Thread Konstantin Ryabitsev
On Sun, Feb 17, 2019 at 08:23:38AM +0200, Teemu Likonen wrote: gpg-graph - https://github.com/tlikonen/gpg-graph This program parses "gpg --batch --no-tty --with-colons --check-signatures -- [...]" and prints graph data for Graphviz for drawing nice web of trust graphs. $ gpg-graph

Re: Two utilities: gpg-tofu and gpg-graph

2019-02-17 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Sunday 17 February 2019 at 6:23:38 AM, in , Teemu Likonen wrote:- > In my opinion "gpg --with-tofu-info --list-keys" etc. > (without > --with-colons) should display similar human readable > TOFU info. Currently I

Two utilities: gpg-tofu and gpg-graph

2019-02-16 Thread Teemu Likonen
Hello! I have made two utilities to help my usage of gpg. I think the functionality of one of them should be part of gpg. gpg-tofu https://github.com/tlikonen/gpg-tofu This program parses "gpg --batch --no-tty --with-tofu-info --with-colons --list-keys -- [...]" output an

Re: Expected behaviour setting TOFU policy

2018-02-16 Thread Neal H. Walfield
Hi, At Thu, 15 Feb 2018 17:20:14 -0500, Konstantin Ryabitsev wrote: > But wait, now I can omit --trust-model from the command line and I get the > same > TOFU-based result, implying that trust-model tofu+pgp now sticks, even though > I've modified no config files: If you don't ex

Expected behaviour setting TOFU policy

2018-02-15 Thread Konstantin Ryabitsev
Hi, all: I am not sure if what I am experiencing is expected TOFU behaviour or not, and I'm hoping someone can help me figure that out. I'll show on a live example (skipping irrelevant output). This is gnupg-2.2.4 on Fedora 26. [user@disp1132 ~]$ export GNUPGHOME=$(mktemp -d) [user

Re: permission denied searching keys WAS: [gpg 2.2.x devuan jessie no TOFU TLS]

2017-10-31 Thread Fulano Diego Perez
later: im not sure what to do now most functionality seems ok except for searching/importing keys from keyservers i can see my local pub/pri keyrings Fulano Diego Perez: > > > Werner Koch: >> On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said: >> >>> checking for LIBGNUTLS... no >> >>

Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-27 Thread Fulano Diego Perez
Werner Koch: > On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said: > >> checking for LIBGNUTLS... no > > The minimal requirement is GNUTLS 3.0 - please check that you have the > 3.x -dev package installed. You should also consult config.log to check > why GNUTLS was not found. > > >

Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-27 Thread Werner Koch
On Thu, 26 Oct 2017 16:00, fulanope...@cryptolab.net said: > checking for LIBGNUTLS... no The minimal requirement is GNUTLS 3.0 - please check that you have the 3.x -dev package installed. You should also consult config.log to check why GNUTLS was not found. Salam-Shalom, Werner -- Die

Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-27 Thread Fulano Diego Perez
Forwarded Message Subject: Re: gpg 2.2.x devuan jessie no TOFU TLS Date: Fri, 27 Oct 2017 17:36:09 +1100 From: Fulano Diego Perez <fulanope...@cryptolab.net> To: GnuPG Users <gnupg-users@gnupg.org>, d...@lists.dyne.org Daniel Kahn Gillmor: > On Fri 2017-10-27

Re: gpg 2.2.x devuan jessie no TOFU TLS

2017-10-26 Thread Daniel Kahn Gillmor
On Fri 2017-10-27 01:00:36 +1100, Fulano Diego Perez wrote: > cannot work this out > > installed sqlite3 and gnutls available packages and -dev packages what versions of these packages did you install? can you provide more explicit details? the debian packages build fine on stretch and later,

gpg 2.2.x devuan jessie no TOFU TLS

2017-10-26 Thread Fulano Diego Perez
Forwarded Message Subject: gpg 2.2.x devuan jessie no TOFU TLS Date: Fri, 27 Oct 2017 01:00:36 +1100 From: Fulano Diego Perez <fulanope...@cryptolab.net> To: GnuPG Users <gnupg-users@gnupg.org>, d...@lists.dyne.org cannot work this out installed sqlite3 and gnut

gpg 2.2.x devuan jessie no TOFU TLS

2017-10-26 Thread Fulano Diego Perez
:yes TLS support: no TOFU support:no Tor support: yes checking for SQLITE3... no configure: WARNING: *** *** Building without SQLite support - TOFU disabled *** *** *** checking for encfs... /usr/bin/encfs checking for fusermount... /bin/fusermount

Re: TOFU db corruption detected

2017-08-08 Thread MFPA
table > sending me your TOFU db > and your pubring.gpg / pubring.kbx per private mail, > as well as > telling me which key that is causing the problem, > then I will take a > look. Thanks for the offer. I dumped the tofu.db to a text file, deleted the bindings relating to the p

Re: TOFU db corruption detected

2017-08-07 Thread Neal H. Walfield
Hi, Unfortunately, there isn't enough information in this report to reproduce your issue. If you feel comfortable sending me your TOFU db and your pubring.gpg / pubring.kbx per private mail, as well as telling me which key that is causing the problem, then I will take a look. Key: 8F17 7771

Re: TOFU db corruption detected

2017-08-06 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Sunday 6 August 2017 at 1:32:09 AM, in , Daniel Villarreal wrote:- > "... run sqlite3 with vacuum, reindex and analyze Reindex and analyze shrunk my tofu.db by a further 4 KB but GnuPG

Re: TOFU db corruption detected

2017-08-06 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Saturday 5 August 2017 at 4:30:12 PM, in <mid:87mv7e118b@mithlond.arda>, Teemu Likonen wrote:- > Before the developers give you more educated answers > I'll point out that > the tofu database is a regular Sqlite database

Re: TOFU db corruption detected

2017-08-05 Thread Daniel Villarreal
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 08/05/17 11:30, Teemu Likonen wrote: > MFPA [2017-08-05 15:56:02+01] wrote: > >> ... "rebuild" the TOFU database to get rid of the corruption? > > ... tofu [db] is a regular Sqlite [db] file. So you can do: >

Re: TOFU db corruption detected

2017-08-05 Thread Teemu Likonen
MFPA [2017-08-05 15:56:02+01] wrote: > How do I "rebuild" the TOFU database to get rid of the corruption? Before the developers give you more educated answers I'll point out that the tofu database is a regular Sqlite database file. So you can do: $ sqlite3 ~/.gnupg/tofu.db and

TOFU db corruption detected

2017-08-05 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 gpg: TOFU db corruption detected. gpg: (further info: user id '[jpeg image of size 24800]' not on key block 'Fingerprint') I see the above message when encrypting to the key whose fingerprint I have redacted above. The copy of that key on my

Re: Are TOFU statistics used for validity or conflict resolution?

2017-07-06 Thread Neal H. Walfield
At Fri, 23 Jun 2017 13:45:39 +0300, Teemu Likonen wrote: > I don't know whether my thinking is common but perhaps it would be > helpful if gpg's man page made clear that on conflict situation both > keys go to "ask" mode. A quote from my gpg 2.1.18 manual: I tried to improve the documentation in

Re: TOFU

2017-06-30 Thread Andrew Gallagher
On 2017/06/30 20:27, Stefan Claas wrote: > The idea with this scenario is that it can be carried out by people > with no skills in hacking or compromising a computer, in small shops, > companies for example, when one of the co-workers leaves his/her > work place for a minute, or two etc. Anybody

Re: TOFU

2017-06-30 Thread Stefan Claas
On Fri, 30 Jun 2017 21:02:38 +0200, Peter Lebbing wrote: > PS: As a final note, what prevents your attacker from grabbing your > passphrase when you enter it? They control your computer! If you > could use your passphrase to verify it was really you, they would > immediately also have that

Re: TOFU

2017-06-30 Thread Peter Lebbing
On 30/06/17 20:54, Stefan Claas wrote: > Good point! And what would be your proposal against this kind of > attack? On 30/06/17 18:38, Peter Lebbing wrote: > There is *no* *way* to mitigate an attacker having your user privileges. > :-) For me it is a) bad software design, with the same colors

Re: TOFU

2017-06-30 Thread Stefan Claas
On Fri, 30 Jun 2017 20:35:48 +0200, Peter Lebbing wrote: > On 30/06/17 20:01, Stefan Claas wrote: > > Correct. But what i mean was an attacker would replace one of my pub > > keys (which i signed) with one he/she only replaced with one that > > has only the Trust Level set to Ultimate, resulting in

Re: TOFU

2017-06-30 Thread Peter Lebbing
On 30/06/17 20:01, Stefan Claas wrote: > Correct. But what i mean was an attacker would replace one of my pub > keys (which i signed) with one he/she only replaced with one that > has only the Trust Level set to Ultimate, resulting in both keys > showing up with a green bar. And to mitigate this

Re: TOFU

2017-06-30 Thread Stefan Claas
On Fri, 30 Jun 2017 18:38:45 +0200, Peter Lebbing wrote: > Somebody could put their own public key in your keyring, assign that > Ultimate trust, and then certify another public key they wish to pop > up as valid. Ultimately trusted keys make other keys valid by their > certification. There is no

Re: TOFU

2017-06-30 Thread Peter Lebbing
On 25/06/17 21:42, Stefan Claas wrote: > I asked this already in this thread, do you know what TOFU does > when a man in the middle would replace (theoretically) one of > my pub keys, modify the TOFU database , set's the Trust Level > to Ultimate and then sends a message to me. Tha

Re: TOFU

2017-06-25 Thread Stefan Claas
> > > > I thought "good signature" just meant the message has not been > > altered in transit. > > Nope. A MitM could have intercepted the message and replaced the body > with some other signed text (text that it possibly signed with a > "fake" k

Re: TOFU

2017-06-25 Thread Goddess: Primal Chaos
### Do not reply below this line ### - Goddess: Primal Chaos | June 25, 2017 | 20:12 +0200 - Dear player, Thank you very much for

Re: TOFU

2017-06-25 Thread Neal H. Walfield
At Fri, 23 Jun 2017 02:07:19 +0100, MFPA wrote: > On Wednesday 21 June 2017 at 7:49:42 PM, in > , Peter > Lebbing wrote:- > > > I think it's a bad UX choice to > > name an invalid > > signature "UNTRUSTED Good" and a valid signature > >

Enigmail signature status indications (was: TOFU)

2017-06-25 Thread Peter Lebbing
On 25/06/17 13:11, MFPA wrote: > But "good signature" _does_ mean when the signature was verified the > message had not been altered since it was signed. However, I don't think that this information is in any way relevant to a user if the key that signed it was not valid. I'm afraid the current

Re: TOFU

2017-06-25 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Friday 23 June 2017 at 12:49:28 PM, in , Peter Lebbing wrote:- > When you say "not altered in transit", that would > very much depend on > your definition of "in transit". If a Man

Re: TOFU

2017-06-23 Thread Peter Lebbing
On 23/06/17 03:07, MFPA wrote: > I thought "good signature" just meant the message has not been > altered in transit. That's very well possible. In that case there is no verbal indication of a valid signature, only a colour. The text I see for a signature by a fully valid key is: Good signature

Re: Are TOFU statistics used for validity or conflict resolution?

2017-06-23 Thread Neal H. Walfield
At Fri, 23 Jun 2017 13:22:23 +0200, Peter Lebbing wrote: > On 23/06/17 12:56, Neal H. Walfield wrote: > > It's up to the GPG client to interpret it. This document (authored by > > Andre and me) has some recommendations for MUAs: > > Ah! Thanks for the information. > > I was thinking about how

Re: Are TOFU statistics used for validity or conflict resolution?

2017-06-23 Thread Peter Lebbing
On 23/06/17 12:56, Neal H. Walfield wrote: > It's up to the GPG client to interpret it. This document (authored by > Andre and me) has some recommendations for MUAs: Ah! Thanks for the information. I was thinking about how GnuPG handled it, i.e., on the gpg command line or as a backend for some

Re: Are TOFU statistics used for validity or conflict resolution?

2017-06-23 Thread Neal H. Walfield
has a small lapse, because, perhaps, you've used an > > unintercepted network path to retrieve the "new" signature & key. > > So if I understand correctly, the "summary"/"validity" field merely > affects the text that is displayed to the use

Re: Are TOFU statistics used for validity or conflict resolution?

2017-06-23 Thread Teemu Likonen
k" >> mode? > > No, both keys are set to ask. The key with a lot of observed > signatures could be bad. This could occur, if there is a MitM, but the > MitM has a small lapse, because, perhaps, you've used an unintercepted > network path to retrieve the "new" signature &a

Re: Are TOFU statistics used for validity or conflict resolution?

2017-06-23 Thread Neal H. Walfield
At Thu, 22 Jun 2017 20:32:48 +0300, Teemu Likonen wrote: > Teemu Likonen [2017-06-22 09:42:50+03] wrote: > > Does the SUMMARY field's value (0-4) have effect on how key's validity > > is calculated or how TOFU conflicts are resolved or presented to a > > user? > &g

Re: TOFU

2017-06-22 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Wednesday 21 June 2017 at 7:49:42 PM, in , Peter Lebbing wrote:- > I think it's a bad UX choice to > name an invalid > signature "UNTRUSTED Good" and a valid signature > "Good". I

Re: Are TOFU statistics used for validity or conflict resolution?

2017-06-22 Thread Neal H. Walfield
have > effect on how key's validity is calculated or how TOFU conflicts are > resolved or presented to a user? TOFU influences validity. By default, all known keys are marginally trusted in the TOFU model. (This is more or less the "first use" bit of "trust on first us

Re: Are TOFU statistics used for validity or conflict resolution?

2017-06-22 Thread Teemu Likonen
Teemu Likonen [2017-06-22 09:42:50+03] wrote: > Does the SUMMARY field's value (0-4) have effect on how key's validity > is calculated or how TOFU conflicts are resolved or presented to a > user? I didn't get answers yet but I'll speculate a bit on the subject. This is all about &qu

Are TOFU statistics used for validity or conflict resolution?

2017-06-22 Thread Teemu Likonen
Are TOFU statistics used for key's validity calculations or TOFU conflict resolution? Some background: The TOFU system keeps statistics about key's use. I'll quote some lines from the DETAILS document. About --with-colons --with-tofu-info --list-keys: *** TFS - TOFU statistics

Re: TOFU

2017-06-21 Thread Stefan Claas
colliding long ID. > > I really should not have written it the way I did in the previous > mail, it was very sloppy. What i have learned is that i use with my (online) friends a separate list with their name and fingerprint on, have let TOFU checked the first couple of messages and then gi

Re: TOFU

2017-06-21 Thread Peter Lebbing
On 21/06/17 20:49, Peter Lebbing wrote: > which would still > be marginally safe until computers are much faster, and certainly not a > short ID which is utterly unsafe and has always been. Which *might* still be marginally safe. I haven't done any actual calculations, and I want to seriously

Re: TOFU

2017-06-21 Thread Peter Lebbing
On 21/06/17 20:30, Stefan Claas wrote: > Technically spoken Enigmail showed all three messages as "Untrusted > Good Signature from Ernst Mustermann etc. , because i have not signed > the first key locally, to get for the first two messages a green bar > in Enigmail. Or eith

Re: TOFU

2017-06-21 Thread Stefan Claas
On Wed, 21 Jun 2017 19:02:26 +0200, Peter Lebbing wrote: > On 08/06/17 22:33, Stefan Claas wrote: > > I did a test today with Enigmail and with TOFU in command line mode. > > I posted 3 messages with a fantasy name to a Usenet test group where > > the 3rd message was s

Re: TOFU

2017-06-21 Thread Peter Lebbing
On 08/06/17 22:33, Stefan Claas wrote: > I did a test today with Enigmail and with TOFU in command line mode. > I posted 3 messages with a fantasy name to a Usenet test group where > the 3rd message was signed with a fake key and Enigmail showed me this: > > UNTRUSTED Good signa

Re: TOFU

2017-06-09 Thread Stefan Claas
f you don't mind. One of my tests showed me the difference between the classic way Enigmail handles the Untrusted blue signatures and how TOFU handles this. Now my question as a Mac dummie and TOFU newbie. If Mallory would gain tomorrow access to my Computer, but not to my passphrase and he woul

Re: TOFU

2017-06-08 Thread Stefan Claas
On 08.06.17 22:33, Stefan Claas wrote: [snip] bad signature and mangled text. I don't like how the Editor in Thunderbird works! I look like an idiot here on the list with my postings. Regards Stefan ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: TOFU

2017-06-08 Thread Stefan Claas
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 07.06.17 14:24, Peter Lebbing wrote: > I hope Enigmail will add the TOFU statistics to the displayed > information. > Or maybe they already did, I see that I'm using Debian > jessie's enigmail package for Enigmail, and Debian jessi

Re: TOFU

2017-06-07 Thread Andrew Gallagher
On 2017/06/07 13:24, Peter Lebbing wrote: > Not necessarily! > > I don't know if Enigmail checks whether the From: is equal to the key > UID, but we're talking about look-alike addresses here, not completely > equal addresses, so even that wouldn't help. If I send an email to myself from my new

Re: TOFU

2017-06-07 Thread Stefan Claas
: is equal to the key UID, but we're talking about look-alike addresses here, not completely equal addresses, so even that wouldn't help. It would, depending on tofu-default-policy, potentially be marked as Good with a green bar! It is from a new key from an e-mail address never before seen

TOFU (was: Question for app developers, like Enigmail etc. - Identicons)

2017-06-07 Thread Peter Lebbing
ing about look-alike addresses here, not completely equal addresses, so even that wouldn't help. It would, depending on tofu-default-policy, potentially be marked as Good with a green bar! It is from a new key from an e-mail address never before seen. With the default tofu-default-policy,

Re: GnuPG 2.1.19 crashing when listing keys, if tofu-default-policy is "ask"

2017-03-17 Thread Neal H. Walfield
using GnuPG version 2.1.19 on Windows, running the pre-compiled > Windows binaries linked from the release announcement. > > I have the "with-fingerprint" option in gpg.conf; commenting it out > makes no difference. > > I also have "tofu-default-policy ask"; chan

Re: GnuPG 2.1.19 crashing when listing keys, if tofu-default-policy is "ask"

2017-03-15 Thread Werner Koch
On Wed, 15 Mar 2017 12:11, jus...@g10code.com said: > https://bugs.gnupg.org/gnupg/issue2959 This bug was reported by dkg a month ago but we unfortunately missed to fix it for 2.1.19. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. pgpzc3eMl7Bal.pgp

Re: GnuPG 2.1.19 crashing when listing keys, if tofu-default-policy is "ask"

2017-03-15 Thread Justus Winter
Hi, MFPA <2014-667rhzu3dc-lists-gro...@riseup.net> writes: > I have been having GnuPG crash with the following message when listing > keys:- > > gpg --list-keys > gpg: O j: Assertion "conflict_set" in get_trust failed > (/home/wk/b-w32/speedo/PLAY-release/gnupg-w32-2.1.19/g10/tofu.c:2787)

GnuPG 2.1.19 crashing when listing keys, if tofu-default-policy is "ask"

2017-03-14 Thread MFPA
ies linked from the release announcement. I have the "with-fingerprint" option in gpg.conf; commenting it out makes no difference. I also have "tofu-default-policy ask"; changing "ask" to "unknown" makes the problem go away. [0] <https://ww

Re: tofu: Missing entry in the bindings table for new key

2017-01-24 Thread Justus Winter
u can create a throwaway environment for >> experimentation by setting the environment variable GNUPGHOME to a >> temporary directory, like so (assuming a Bourne-like shell): > > This was easier to reproduce than I expected. I've attached the > transcript of a shell session demonst

Re: tofu: Missing entry in the bindings table for new key

2017-01-24 Thread Justus Winter
g: Good signature from "foo <f...@example.org>" [ultimate] > gpg: aka "foo <f...@example.com>" [ultimate] > gpg: error updating TOFU database: NOT NULL constraint failed: > signatures.binding > gpg: TOFU: error registering signature: General error > >

Re: tofu: Missing entry in the bindings table for new key

2017-01-24 Thread Luis Ressel
o a > temporary directory, like so (assuming a Bourne-like shell): This was easier to reproduce than I expected. I've attached the transcript of a shell session demonstrating the problem. Manually calling "gpg --tofu-policy good $KEYID" fixes the issue. I'm using gpg 2.1.17; I haven't

tofu: Missing entry in the bindings table for new key

2017-01-20 Thread Luis Ressel
foo <f...@example.com>" [ultimate] gpg: error updating TOFU database: NOT NULL constraint failed: signatures.binding gpg: TOFU: error registering signature: General error Apparently no entry for my key/userid had been recorded in the bindings table. I was of course able to fix this by

Confusing options for --tofu-(default-)policy=

2016-10-02 Thread Teemu Likonen
First a quote from the gpg 2.1.15 man page: --trust-model pgp|classic|tofu|tofu+pgp|direct|always|auto [...] In the TOFU model, policies are associated with bindings between keys and email addresses (which are extracted from user ids

gpg TOFU mutt

2016-09-14 Thread Thomas Glanzmann
and use it in the gpg-agent.conf. I set 'trust-model tofu+pgp' in .gnupg/gpg.conf on the remote machine I'm using mutt with 'set crypt_use_gpgme=yes'. Now I wonder which interaction I should see and when I should see it? For now I can see when I send an encrypted email to someone it is automatically

Re: Has GPGME been extended to support TOFU yet?

2016-09-10 Thread Werner Koch
On Sat, 10 Sep 2016 16:27, 2014-667rhzu3dc-lists-gro...@riseup.net said: > Has GPGME been extended to support TOFU yet? There is support in the repo but we have recently changed data structures. Hopefully we can now keep it as it is and work towards the 1.7.0 release. Missing it

Has GPGME been extended to support TOFU yet?

2016-09-10 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Has GPGME been extended to support TOFU yet? Neal's announcement of TOFU last October [0] included the note "GpgME has not yet been extended to support TOFU so these messages might not be shown." I have searched, but not found any an

GnuPG-2.1.15 compile with tofu

2016-09-07 Thread murphy
FYI - On a clean, fresh installation of Ubuntu 16.04 LTS the following instructions will result in gnupg 2.1.15 with a functioning tofu: cd ~/Downloads wget https://gnupg.org/ftp/gcrypt/gnupg/gnupg-2.1.15.tar.bz2 wget https://gnupg.org/ftp/gcrypt/pinentry/pinentry-0.9.7.tar.bz2 tar xf gnupg

Re: TOFU support in GnuPG 2.1

2016-09-02 Thread whitey666
On Thu, September 1, 2016 6:39 pm, w...@gnupg.org wrote: > On Thu, 1 Sep 2016 18:27, whitey...@sigaint.org said: > >> 1) What must I do to include TOFU support? > > If you look through the config.log or your screen backlog, you will > notice that GNUTLS is missing which

Re: TOFU support in GnuPG 2.1

2016-09-01 Thread Werner Koch
On Thu, 1 Sep 2016 18:27, whitey...@sigaint.org said: > 1) What must I do to include TOFU support? If you look through the config.log or your screen backlog, you will notice that GNUTLS is missing which you need for all kind of https: access. And you are missing SQLite3 which we requ

Re: TOFU support in GnuPG 2.1

2016-09-01 Thread Damien Goutte-Gattat
On 09/01/2016 06:27 PM, whitey...@sigaint.org wrote: 1) What must I do to include TOFU support? You're probably missing the development files of SQLite (depending on your distribution, they're probably in a package called sqlite-dev or similar). To confirm, look at the output

TOFU support in GnuPG 2.1

2016-09-01 Thread whitey666
Hello, I have been using GnuPG 2.1.15 for several weeks having compiled it from source. After seeing several references to TOFU I decided to try it. I added "trust-model tofu+pgp" and "tofu-default-policy ask" to gpg.conf. When I ran gpg2, it balked at both entries so

Re: TOFU for GnuPG

2015-11-05 Thread MFPA
ask my decision each time it encountered a new key/UID combination. My use of GnuPG is fairly limited: mainly participation in the PGPNET encrypted discussion group, occasional other encrypted email discussions, and signatures on a couple of discussion lists. > Note: GpgME has not yet been extend

Re: TOFU for GnuPG

2015-11-05 Thread Neal H. Walfield
At Thu, 5 Nov 2015 17:29:22 +, MFPA wrote: > On Thursday 29 October 2015 at 2:06:51 PM, in > <mid:878u6l93b8.wl-n...@walfield.org>, Neal H. Walfield wrote: > > Note: GpgME has not yet been extended to support TOFU > > so these messages might not be shown. > >

Re: TOFU for GnuPG

2015-11-03 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 30 October 2015 at 12:09:51 PM, in , Neal H. Walfield wrote: > The user ids are used. These are authorative. If > there are N user ids, then N bindings are maintained. Presumably if no

Re: TOFU for GnuPG

2015-11-03 Thread Andre Heinecke
> This could work if both keys are available locally. If you need to > look up the new key, this is not so easy. Don't we need to lookup the new key anyway to make validity decisions? Until then we assume "Unknown" trust. Well I can see that one of the features of Tofu is that Unkno

Re: TOFU for GnuPG

2015-11-03 Thread MFPA
binding. How will TOFU react if a key for which bindings are already stored acquires a new UID? - -- Best regards MFPA <mailto:2014-667rhzu3dc-lists-gro...@riseup.net> The trouble with words is that you never know whose mouths they've been in. ---

Re: TOFU for GnuPG

2015-11-03 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Tuesday 3 November 2015 at 3:29:02 PM, in , Neal H. Walfield wrote: > The bindings are between user id and key. So, a new > binding will be created. Will it flag up to the user that it is creating a

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
At Tue, 3 Nov 2015 15:37:06 +, MFPA wrote: > On Tuesday 3 November 2015 at 3:29:02 PM, in > , Neal H. Walfield wrote: > > > > The bindings are between user id and key. So, a new > > binding will be created. > > Will it flag up to the user that it is

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
do we not store > > a binding. > > > How will TOFU react if a key for which bindings are already stored > acquires a new UID? The bindings are between user id and key. So, a new binding will be created. Neal ___ Gnu

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
At Tue, 03 Nov 2015 16:10:24 +0100, Andre Heinecke wrote: > Don't we need to lookup the new key anyway to make validity decisions? Until > then we assume "Unknown" trust. In the verify case, yes. But what about the sign case? We just see that the old key has been revoked, but we don't know

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
then GnuPG can't help the user, because the new key is necessarily available locally. Note: the trust model is not relevant here. The issue of determining the new key is only relevant insofar as the TOFU code can suppress spurious conflict messages if it has this information. Thanks, :) Neal ___

Re: TOFU for GnuPG

2015-11-03 Thread Neal H. Walfield
Hi Andre, At Fri, 30 Oct 2015 13:23:14 +0100, Andre Heinecke wrote: > On Thursday 29 October 2015 22:28:54 Neal H. Walfield wrote: > > At Thu, 29 Oct 2015 18:48:43 +0100, > > > > Johannes Zarl-Zierl wrote: > > > Out of curiosity: Does the TOFU implementation for g

Re: TOFU for GnuPG

2015-11-03 Thread Andre Heinecke
Hi, On Tuesday 03 November 2015 16:34:39 you wrote: > At Tue, 03 Nov 2015 16:10:24 +0100, > > Andre Heinecke wrote: > > Don't we need to lookup the new key anyway to make validity decisions? > > Until then we assume "Unknown" trust. > > In the verify case, yes. But what about the sign case?

Re: TOFU for GnuPG

2015-11-01 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Saturday 31 October 2015 at 8:27:09 PM, in , Neal H. Walfield wrote: > N is the number of unique signatures. If you verify > the message signature multiple times, it will only > count once. Cool. >

Re: TOFU for GnuPG

2015-11-01 Thread Neal H. Walfield
Hi, At Sun, 1 Nov 2015 10:50:33 +, MFPA wrote: > Another thought. New signatures from a key that has long been inactive > may arouse suspicion. Perhaps it would be useful to output how long > ago was the last message verified. For example:- > > "66 messages signed over the past 3 years. The

Re: TOFU for GnuPG

2015-10-31 Thread Neal H. Walfield
At Sat, 31 Oct 2015 11:57:05 +, MFPA wrote: > > First, some statistics are displayed, namely, that > > we've verified 5 messages signed by this key in the > > past last hour. > > > Would it say the same if it were not five unique messages? For > example, we read the same email five times and

Re: TOFU for GnuPG

2015-10-30 Thread Werner Koch
llance agency has this information at their fingertips. Protecting mail meta data is pretty hard and close to impossible if you do not want to leave traces on your local machine. For high security areas Tofu is definitely not an option. Salam-Shalom, Werner -- Die Gedanken sind frei. Aus

Re: TOFU for GnuPG

2015-10-30 Thread Neal H. Walfield
At Fri, 30 Oct 2015 14:32:07 +, MFPA wrote: > On Friday 30 October 2015 at 11:51:27 AM, in > , Neal H. Walfield wrote: > > > > Sure. But your point is a red herring. There is > > *currently* no way to do this. However, the next > > version of the

Re: TOFU for GnuPG

2015-10-30 Thread Neal H. Walfield
At Fri, 30 Oct 2015 12:06:14 +, MFPA wrote: > On Thursday 29 October 2015 at 2:06:51 PM, in > , Neal H. Walfield wrote: > > > > When you verify a > > message from some user for the first time, GnuPG saves > > the binding between the user id (actually, the

Re: TOFU for GnuPG

2015-10-30 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On Thursday 29 October 2015 at 9:28:54 PM, in , Neal H. Walfield wrote: > Unfortunately, it doesn't. This is because there is > currently no standard way to communicate the id of the > new key. I've

Re: TOFU for GnuPG

2015-10-30 Thread Neal H. Walfield
At Fri, 30 Oct 2015 11:43:28 +, MFPA wrote: > On Thursday 29 October 2015 at 9:28:54 PM, in > , Neal H. Walfield wrote: > > > > > Unfortunately, it doesn't. This is because there is > > currently no standard way to communicate the id of the > > new key.

Re: TOFU for GnuPG

2015-10-30 Thread Andre Heinecke
Hi, On Thursday 29 October 2015 22:28:54 Neal H. Walfield wrote: > At Thu, 29 Oct 2015 18:48:43 +0100, > > Johannes Zarl-Zierl wrote: > > Out of curiosity: Does the TOFU implementation for gpg already allow for > > key transition statements / is this planned for som

Re: TOFU for GnuPG

2015-10-30 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Thursday 29 October 2015 at 2:06:51 PM, in , Neal H. Walfield wrote: > When you verify a > message from some user for the first time, GnuPG saves > the binding between the user id (actually, the >

Re: TOFU for GnuPG

2015-10-30 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Friday 30 October 2015 at 11:51:27 AM, in , Neal H. Walfield wrote: > Sure. But your point is a red herring. There is > *currently* no way to do this. However, the next > version of the OpenPGP spec

TOFU for GnuPG

2015-10-29 Thread Neal H. Walfield
Hi, Last week, I checked in the TOFU code for GnuPG. This code will be part of the next release. It would be great to get some additional testing before this happens! Background -- TOFU stands for Trust on First Use and is a concept that will be familiar to anyone who regularly uses

Re: TOFU for GnuPG

2015-10-29 Thread Daniel Baur
Hello, Am 29.10.2015 um 15:06 schrieb Neal H. Walfield: > First, some > statistics are displayed, namely, that we've verified 5 messages > signed by this key in the past last hour. isn’t it a little bit problematic that GPG now logs how often I received emails by someone else? Sincerely, DaB.

Re: TOFU for GnuPG

2015-10-29 Thread Peter Lebbing
hardly be a security feature. Also, you could just disable TOFU if you're worried by it, but you would lose the functionality as well... Maybe there's a use case for optionally not gathering these statistics if key validity is already established through the WoT. That way, if you want to keep the fre

Re: TOFU for GnuPG

2015-10-29 Thread Johannes Zarl-Zierl
Hi Neal, Thanks for the heads-up on this. TOFU seems like a really big feature for everyday use! Out of curiosity: Does the TOFU implementation for gpg already allow for key transition statements / is this planned for some point in the future? Cheers, Johannes
