<table><tr><td style="">dvratil updated this revision to Diff 12427.<br />dvratil retitled this revision from "Initial TOFU support in messageviewer" to "Use key trust leve to indicate how much the signature can be trusted.".<br />dvratil edited the summary of this revision. <a href="https://phabricator.kde.org/transactions/detail/PHID-XACT-DREV-fwtlonimp2e765p/" rel="noreferrer">(Show Details)</a>
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D3432" rel="noreferrer">View Revision</a></tr></table><br /><div><strong>CHANGES TO REVISION SUMMARY</strong><div><div style="white-space: pre-wrap; color: #74777D;"><span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">When key trust is only marginal, try to use TOFU sign count to figure if we can really trust the key.<br />
<br />
The logic boils down to the following pseudo-code, loosely based on logic in the Outlook PGP plugin from Andre.<br />
<br />
foreach signature {<br />
if (keyValidity < Marginal) {<br />
untrusted key, try another signature<br />
continue<br />
} else if (keyValidity == Marginal) {<br />
if (tofu == Conflict) {<br />
report conflict<br />
return<br />
} else if (tofu < LittleHistory) {<br />
the key is not trusted enough and TOFU does not have enough history, try another signature<br />
continue<br />
} else if (tofuSign <= 10) {<br />
key is not trusted enough and TOFU has too little history. Try to find another signature with better trust or fallback to this one, but sender will be unverfied<br />
continue<br />
} else (tofu >= LittleHistory && tofuSign > 10) {<br />
key is not trusted enough, but TOFU has enough history, accept the sender as verified<br />
return<br />
} else {<br />
// unreachable<br />
}<br />
} else {<br />
key is well-trusted, use it<br />
return<br />
}<br />
}<br />
<br />
<br />
One of the setbacks I noticed so far is that keys that previously were shown in green are now yellow, because there's not enough TOFU history for them. I wonder if we should somehow try to import all emails into TOFU if its enabled...?</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">Use key trust levels to use indicate how much the signature can be trusted.</span></div></div></div><br /><div><strong>CHANGES SINCE LAST UPDATE</strong><div><a href="https://phabricator.kde.org/D3432?vs=8341&id=12427" rel="noreferrer">https://phabricator.kde.org/D3432?vs=8341&id=12427</a></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D3432" rel="noreferrer">https://phabricator.kde.org/D3432</a></div></div><br /><div><strong>AFFECTED FILES</strong><div><div>messagecore/src/messagecoreutil.cpp<br />
messagecore/src/messagecoreutil.h<br />
messageviewer/src/messagepartthemes/default/defaultrenderer.cpp<br />
messageviewer/src/messagepartthemes/default/templates/signedmessagepart.html<br />
messageviewer/src/viewer/csshelper.cpp<br />
messageviewer/src/viewer/csshelperbase.cpp<br />
messageviewer/src/viewer/csshelperbase.h<br />
mimetreeparser/src/CMakeLists.txt<br />
mimetreeparser/src/config.h.cmake<br />
mimetreeparser/src/viewer/messagepart.cpp<br />
mimetreeparser/src/viewer/messagepart.h</div></div></div><br /><div><strong>To: </strong>dvratil, knauss, aheinecke<br /><strong>Cc: </strong>kde-pim, dvasin, winterz, vkrause, mlaurent, knauss, dvratil<br /></div>