diff options
| author | Neal H. Walfield <neal@g10code.com> | 2017-07-06 21:15:45 +0200 |
|---|---|---|
| committer | Neal H. Walfield <neal@g10code.com> | 2017-07-06 21:17:31 +0200 |
| commit | 243b2a570c30586e19b8c88e43b282d62d8eb77c (patch) | |
| tree | 4ed1d0ef381f18b63c18dd9947929e41236d4d68 /doc | |
| parent | doc: Fix typo. (diff) | |
| download | gnupg2-243b2a570c30586e19b8c88e43b282d62d8eb77c.tar.xz gnupg2-243b2a570c30586e19b8c88e43b282d62d8eb77c.zip | |
doc: Improve TOFU documentation.
* doc/gpg.texi: Improve TOFU documentation.
Signed-off-by: Neal H. Walfield <neal@g10code.com>
Suggested-by: Teemu Likonen <tlikonen@iki.fi>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/gpg.texi | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/doc/gpg.texi b/doc/gpg.texi index 9dceed9da..bc83eff75 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -1633,10 +1633,14 @@ Set what trust model GnuPG should follow. The models are: @opindex trust-model:tofu @anchor{trust-model-tofu} TOFU stands for Trust On First Use. In this trust model, the first - time a key is seen, it is memorized. If later another key is seen - with a user id with the same email address, a warning is displayed - indicating that there is a conflict and that the key might be a - forgery and an attempt at a man-in-the-middle attack. + time a key is seen, it is memorized. If later another key with a + user id with the same email address is seen, both keys are marked as + suspect. In that case, the next time either is used, a warning is + displayed describing the conflict, why it might have occured + (either the user generated a new key and failed to cross sign the + old and new keys, the key is forgery, or a man-in-the-middle attack + is being attempted), and the user is prompted to manually confirm + the validity of the key in question. Because a potential attacker is able to control the email address and thereby circumvent the conflict detection algorithm by using an |