[Pkg-gnupg-commit] [gnupg2] 85/185: doc: Improve TOFU documentation.
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon Aug 7 11:55:23 UTC 2017
This is an automated email from the git hooks/post-receive script.
dkg pushed a commit to branch experimental
in repository gnupg2.
commit 243b2a570c30586e19b8c88e43b282d62d8eb77c
Author: Neal H. Walfield <neal at g10code.com>
Date: Thu Jul 6 21:15:45 2017 +0200
doc: Improve TOFU documentation.
* doc/gpg.texi: Improve TOFU documentation.
Signed-off-by: Neal H. Walfield <neal at g10code.com>
Suggested-by: Teemu Likonen <tlikonen at iki.fi>
---
doc/gpg.texi | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 9dceed9..bc83eff 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1633,10 +1633,14 @@ Set what trust model GnuPG should follow. The models are:
@opindex trust-model:tofu
@anchor{trust-model-tofu}
TOFU stands for Trust On First Use. In this trust model, the first
- time a key is seen, it is memorized. If later another key is seen
- with a user id with the same email address, a warning is displayed
- indicating that there is a conflict and that the key might be a
- forgery and an attempt at a man-in-the-middle attack.
+ time a key is seen, it is memorized. If later another key with a
+ user id with the same email address is seen, both keys are marked as
+ suspect. In that case, the next time either is used, a warning is
+ displayed describing the conflict, why it might have occured
+ (either the user generated a new key and failed to cross sign the
+ old and new keys, the key is forgery, or a man-in-the-middle attack
+ is being attempted), and the user is prompted to manually confirm
+ the validity of the key in question.
Because a potential attacker is able to control the email address
and thereby circumvent the conflict detection algorithm by using an
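Review bot: Two wording errors in the added paragraph should be fixed before this lands in the manual. In "why it might have occured", the word should be spelled "occurred", and in the parenthetical "the key is forgery" needs an article ("the key is a forgery"). The parenthetical also mixes an "either ... or" construction with three alternatives; dropping "either" and listing the three causes in parallel form would read more cleanly. The changelog line "* doc/gpg.texi: Improve TOFU documentation." only repeats the subject, so consider saying there what changed in substance: both keys are now described as being marked suspect, and the user is prompted to confirm validity on next use.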
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-gnupg/gnupg2.git