author | Neal H. Walfield <[email protected]> | 2016-12-16 13:49:10 +0000 |
---|---|---|
committer | Neal H. Walfield <[email protected]> | 2016-12-16 13:51:15 +0000 |
commit | 4a2c210b75d4266e289712e73a42c286aabb07f0 (patch) | |
tree | 0e3a5d4d42118c4e35642e644a71d2b3cc7ed3eb /g10/tofu.c | |
parent | g10: Extend TOFU_STATS to emit <sign-days> and <encyrption-days> (diff) | |
g10: Use total days, not total messages to compute TOFU validity
* g10/tofu.c (write_stats_status): Use the number of days with
signatures / encryptions to compute the validity, not the total number
of signatures / encryptions.
(BASIC_TRUST_THRESHOLD): Adjust given the new semantics.
(FULL_TRUST_THRESHOLD): Likewise.
Signed-off-by: Neal H. Walfield <[email protected]>
Diffstat (limited to 'g10/tofu.c')
-rw-r--r-- | g10/tofu.c | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/g10/tofu.c b/g10/tofu.c index 5f92de682..2bded9e8d 100644 --- a/g10/tofu.c +++ b/g10/tofu.c @@ -49,12 +49,12 @@ #define CONTROL_L ('L' - 'A' + 1) -/* Number of signed messages required to indicate that enough history - * is available for basic trust. */ -#define BASIC_TRUST_THRESHOLD 10 -/* Number of signed messages required to indicate that a lot of - * history is available. */ -#define FULL_TRUST_THRESHOLD 100 +/* Number of days with signed / ecnrypted messages required to + * indicate that enough history is available for basic trust. */ +#define BASIC_TRUST_THRESHOLD 4 +/* Number of days with signed / encrypted messages required to + * indicate that a lot of history is available. */ +#define FULL_TRUST_THRESHOLD 21 /* A struct with data pertaining to the tofu DB. There is one such @@ -2883,19 +2883,19 @@ write_stats_status (estream_t fp, { int summary; int validity; - unsigned long messages; + unsigned long days; /* Use the euclidean distance (m = sqrt(a^2 + b^2)) rather then the sum of the magnitudes (m = a + b) to ensure a balance between verified signatures and encrypted messages. */ - messages = sqrtu32 (signature_count * signature_count - + encryption_count * encryption_count); + days = sqrtu32 (signature_days * signature_days + + encryption_days * encryption_days); - if (messages < 1) + if (days < 1) validity = 1; /* Key without history. */ - else if (messages < 2 * BASIC_TRUST_THRESHOLD) + else if (days < 2 * BASIC_TRUST_THRESHOLD) validity = 2; /* Key with too little history. */ - else if (messages < 2 * FULL_TRUST_THRESHOLD) + else if (days < 2 * FULL_TRUST_THRESHOLD) validity = 3; /* Key with enough history for basic trust. */ else validity = 4; /* Key with a lot of history. */ |
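Review bot: The new comment on BASIC_TRUST_THRESHOLD in the first hunk misspells "encrypted" as "ecnrypted". Both macro comments also describe the values as the number of days required, but write_stats_status compares against 2 * BASIC_TRUST_THRESHOLD and 2 * FULL_TRUST_THRESHOLD, so the effective cutoffs are 8 and 42 rather than 4 and 21. Either fold the factor into the constants or state in the comments that the caller doubles them.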
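Review bot: The unchanged comment above the sqrtu32 call in the write_stats_status hunk still talks about balancing "verified signatures and encrypted messages" although the operands are now signature_days and encryption_days, and it reads "rather then" where "rather than" is meant; it should be updated in this change so it matches the computation. The result is a combined magnitude of the two day counts, not a count of days, so the thresholds documented as "number of days" are being compared with a different quantity; a short remark in that comment, or a more descriptive variable name than days, would make this clear to the next reader.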