@zardoz@cybre.space Right. TOFU's also long been used in PGP/GPG, and is arguably more widespread than the Web of Trust.

A widely practices mis-assertion of a key is likely to result in a public disavowal ... eventually.

For someone with a particularly high threat function / risk calculus, that's not attractive. And for most casuals, it's yet another idea that can lead to bad practices / poor decisions which might later be regretted.

@freakazoid

@zardoz@cybre.space TOFU's prevalence shows though that even with strong crypto and good tools, validation mechanisms are largely informal.

@freakazoid

Sign in to participate in the conversation
mastodon.cloud

Everyone is welcome as long as you follow our code of conduct! Thank you. Mastodon.cloud is maintained by Sujitech, LLC.