@zardoz@cybre.space Right. TOFU's also long been used in PGP/GPG, and is arguably more widespread than the Web of Trust.

A widely practices mis-assertion of a key is likely to result in a public disavowal ... eventually.

For someone with a particularly high threat function / risk calculus, that's not attractive. And for most casuals, it's yet another idea that can lead to bad practices / poor decisions which might later be regretted.


@zardoz@cybre.space TOFU's prevalence shows though that even with strong crypto and good tools, validation mechanisms are largely informal.


Sign in to participate in the conversation

Everyone is welcome as long as you follow our code of conduct! Thank you. Mastodon.cloud is maintained by Sujitech, LLC.