> At any rate, TOFU is definitely *not* the X.509 CA model. In that it doesn't encourage CAs to sell certificates, true.
But it does mean you'll accept as true any certificate given to you, without full validation of identity and/or fingerprint. That it has some additional steps to alert if a certificate suddenly changes doesn't change the fact the fundamental behavior of TOFU is exactly what Mike has a problem with about TLS. _______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
