[messaging] TOFU Support in GNUPG

Ximin Luo infinity0 at pwned.gg
Tue Nov 3 08:09:25 PST 2015

I've never understood why TS is so hostile to the PGP WoT. Pretending security issues don't exist, even if you manage to convince your followers of this, doesn't mean the security issues don't *actually* exist.

Using TOFU is better than not using WoT and not using TOFU, but using the WoT is better than using TOFU. Also, SSH and OTR both implement TOFU in a much better way (security-wise and usability-wise) than TS does. I haven't tried out GPG's implementation yet.

I fully get the "better for the whole world" argument, so I support this effort by GPG. But since I know how to do KSPs, I will continue to do KSPs personally, thank you very much.


On 03/11/15 16:48, Frederic Jacobs wrote:
> Interesting update from GNUPG, they decided to implement TOFU in addition to Web of Trust. Admitting that in practice and usability considered, TOFU is a are secure trust model than the Web of Trust.
> Bye bye PGP key signing parties?
>> In contrast to the Web of Trust <https://en.wikipedia.org/wiki/Web_of_trust> (WoT), TOFU's security guarantees are rather weak. When using the WoT correctly, you can have high confidence that if GnuPG says a given key is controlled by a specific user, then it probably is. TOFU, on the other hand, is only able to detect when the key associated with an email address has changed. Despite this, TOFU will be more secure than the WoT for most users in practice. This is because using the WoT requires a lot of manual support, which most users never both with. In particular, you need to verify fingerprints and set the owner trust to take advantage of friend of friend verification.
>> Happily you don't need to choose between TOFU and the WoT. It is possible to combine them using the tofu+pgp trust model. In this model, the trust level for a key under each model is computed and then the maximum is taken.
> https://gnupg.org/blog/20151103-gnupg-in-october.html


More information about the Messaging mailing list