mirror of git://git.gnupg.org/gnupg.git synced 2025-01-10 13:04:23 +01:00

g10: Use total days, not total messages to compute TOFU validity

* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.

Signed-off-by: Neal H. Walfield <neal@g10code.com>
Neal H. Walfield 2016-12-16 14:49:10 +01:00
parent 94f6b9010d
commit 4a2c210b75


@ -49,12 +49,12 @@
#define CONTROL_L ('L' - 'A' + 1) #define CONTROL_L ('L' - 'A' + 1)
/* Number of signed messages required to indicate that enough history /* Number of days with signed / ecnrypted messages required to
* is available for basic trust. */ * indicate that enough history is available for basic trust. */
#define BASIC_TRUST_THRESHOLD 10 #define BASIC_TRUST_THRESHOLD 4
/* Number of signed messages required to indicate that a lot of /* Number of days with signed / encrypted messages required to
* history is available. */ * indicate that a lot of history is available. */
#define FULL_TRUST_THRESHOLD 100 #define FULL_TRUST_THRESHOLD 21
/* A struct with data pertaining to the tofu DB. There is one such /* A struct with data pertaining to the tofu DB. There is one such
@ -2883,19 +2883,19 @@ write_stats_status (estream_t fp,
{ {
int summary; int summary;
int validity; int validity;
unsigned long messages; unsigned long days;
/* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the /* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the
sum of the magnitudes (m = a + b) to ensure a balance between sum of the magnitudes (m = a + b) to ensure a balance between
verified signatures and encrypted messages. */ verified signatures and encrypted messages. */
messages = sqrtu32 (signature_count * signature_count days = sqrtu32 (signature_days * signature_days
+ encryption_count * encryption_count); + encryption_days * encryption_days);
if (messages < 1) if (days < 1)
validity = 1; /* Key without history. */ validity = 1; /* Key without history. */
else if (messages < 2 * BASIC_TRUST_THRESHOLD) else if (days < 2 * BASIC_TRUST_THRESHOLD)
validity = 2; /* Key with too little history. */ validity = 2; /* Key with too little history. */
else if (messages < 2 * FULL_TRUST_THRESHOLD) else if (days < 2 * FULL_TRUST_THRESHOLD)
validity = 3; /* Key with enough history for basic trust. */ validity = 3; /* Key with enough history for basic trust. */
else else
validity = 4; /* Key with a lot of history. */ validity = 4; /* Key with a lot of history. */
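Review bot: The new comments on `BASIC_TRUST_THRESHOLD` and `FULL_TRUST_THRESHOLD` describe them as the number of days required, but the comparisons in write_stats_status test `days < 2 * BASIC_TRUST_THRESHOLD` and `days < 2 * FULL_TRUST_THRESHOLD` against the Euclidean combination of signature_days and encryption_days, so a key seen only through signatures needs 8 and 42 days rather than 4 and 21. Because this value drives the reported TOFU validity, I would state the effective cut-offs next to the comparisons, e.g. `/* days = sqrt(sig_days^2 + enc_days^2); cut-offs are twice the thresholds (8 and 42 with the current values). */`, and confirm that the factor of two is still intended now that the unit is days rather than messages. The new BASIC_TRUST_THRESHOLD comment also misspells "encrypted" as "ecnrypted". The body of write_stats_status starts and ends outside the hunk, so how signature_days and encryption_days are counted cannot be checked from here.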