[guardian-dev] TOFU coming to GnuPG

Hans-Christoph Steiner hans at guardianproject.info
Mon Sep 28 08:08:34 EDT 2015


>From the GnuPG summer news:

  [Werner Koch] wants GnuPG be easier to use for the masses.  This
  means, for instance, using TOFU as a trust model instead of the web of
  trust, which requires [too much curating] for nearly all
  users—including most technical users—to be effective.  Nevertheless,
  the goal isn't to somehow neuter GnuPG: it will remain possible to
  harden GnuPG for users who are trying to prevent targeted attacks with
  just a few configuration options.  The primary focus, however, is
  making GnuPG easier to use and more secure for casual use by default.

Here is more discussion on that topic:
* https://lists.gnupg.org/pipermail/gnupg-devel/2015-March/029629.html
* https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029649.html
* https://lists.gnupg.org/pipermail/gnupg-devel/2015-April/029638.html
* https://lists.gnupg.org/pipermail/gnupg-devel/2015-July/030150.html

.hc

-- 
PGP fingerprint: 5E61 C878 0F86 295C E17D  8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81


More information about the guardian-dev mailing list