TOFUProject
ActivePublic

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Recent Activity

Apr 16 2018

gouttegd closed T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp as Resolved.

Thanks @werner for applying the patch. Closing here, since I have been using that patch for several weeks now without ever encountering the bug again.

Apr 16 2018, 3:41 PM · TOFU, gnupg (gpg22), gpa
werner added a commit to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp: rGPA38aeb4b18890: Load the secret keyring before the public one..
Apr 16 2018, 12:33 PM · TOFU, gnupg (gpg22), gpa

Feb 19 2018

gouttegd added a comment to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp.

The problem seems to have to do with the locking of the TOFU database.

Feb 19 2018, 12:55 AM · TOFU, gnupg (gpg22), gpa

Feb 16 2018

gouttegd added a comment to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp.

Still trying to pinpoint the bug, but I am afraid I am stuck.

Feb 16 2018, 2:01 AM · TOFU, gnupg (gpg22), gpa

Jan 29 2018

gouttegd added a comment to T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp.

I did a few more tests and here are some more observations:

Jan 29 2018, 12:00 PM · TOFU, gnupg (gpg22), gpa

Jan 18 2018

werner triaged T3748: GPA is stuck if keyring is too big and trust-model is tofu+pgp as High priority.

One of these TOFU bugs. Thanks for the good bug report.

Jan 18 2018, 7:43 PM · TOFU, gnupg (gpg22), gpa

Aug 14 2017

marcus placed T2812: TOFU very slow on Windows up for grabs.
Aug 14 2017, 10:36 AM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
marcus placed T2815: TOFU conflict not part of GpgME's sigsum up for grabs.
Aug 14 2017, 10:36 AM · Stalled, Bug Report, gnupg, TOFU

Aug 10 2017

marcus added a commit to T2816: TOFU API in gpgme not documented: rM274609baceda: doc: Add more tofu documentation..
Aug 10 2017, 4:12 PM · gpgme, Bug Report, TOFU
marcus closed T2816: TOFU API in gpgme not documented as Resolved.

Done in 274609ba.

Aug 10 2017, 4:12 PM · gpgme, Bug Report, TOFU

Jul 13 2017

marcus assigned T2816: TOFU API in gpgme not documented to neal.
Jul 13 2017, 1:55 AM · gpgme, Bug Report, TOFU

Apr 3 2017

werner closed T2817: TOFU validity conflict not set on conflict as Resolved.

Time to say good bye my dear bug.

Apr 3 2017, 10:53 PM · Testing, Bug Report, gnupg, TOFU

Mar 30 2017

admin created TOFU.
Mar 30 2017, 6:42 PM

Mar 17 2017

neal removed a project from T2914: TOFU Conflict Status fd output broken: Testing.
Mar 17 2017, 7:39 PM · rc, Bug Report, gnupg, TOFU
neal closed T2914: TOFU Conflict Status fd output broken as Resolved.
Mar 17 2017, 7:39 PM · rc, Bug Report, gnupg, TOFU
neal added a comment to T2914: TOFU Conflict Status fd output broken.

I'm marking this as resolved since I think is fixed. Please reopen if this is
not the case.

Mar 17 2017, 7:39 PM · rc, Bug Report, gnupg, TOFU

Feb 2 2017

neal added a comment to T2914: TOFU Conflict Status fd output broken.

This should be fixed in 027b81b35fe36692005b8dba22d9eb2db05e8c80.

Feb 2 2017, 1:31 PM · rc, Bug Report, gnupg, TOFU
neal added a project to T2914: TOFU Conflict Status fd output broken: Testing.
Feb 2 2017, 1:31 PM · rc, Bug Report, gnupg, TOFU

Jan 30 2017

neal added a comment to T2914: TOFU Conflict Status fd output broken.

To be clear the initial output is not wrong. At the time the information is
initially requested, the message has not yet been processed.

Anyway, I think I'm working on a fix so this is a non-issue.

Jan 30 2017, 2:27 PM · rc, Bug Report, gnupg, TOFU

Jan 16 2017

aheinecke added a comment to T2914: TOFU Conflict Status fd output broken.

Note that each of these outputs is preceded by a KEY_CONSIDERED lined (for the
same key). Since the TOFU conflict information is per key, I'd expect an
implementation to say: Oh, there is already some conflict information for key X.
This must be a more up to date version, so I'll delete that first instead of
appending to it. Is this an unreasonable expectation?

In my Opinion it is. There is a technical, (i guess) unintentional, reason for
the multiple outputs, they
don't convey useful information. So I would consider this Output a Bug and
implementations
working like you describe it to be a workaround for that bug.

Getting firs wrong information and later updating it with the correct
information makes implementations
more complicated and error prone and currently is not handled in GPGME.

Also in GPGME we just want to figure out the TOFU Info for all the UID's of the
key used
to check the signature. We don't want information about conflicting keys. We need
a reliable way to filter this out. So I have a patch that ignores all TOFU_USER
lines
that don't match the fingerprint of the signature but still that breaks because
the "Update"
is not handled.

Jan 16 2017, 10:01 AM · rc, Bug Report, gnupg, TOFU
werner added a comment to T2914: TOFU Conflict Status fd output broken.

KEY_CONSIDERED is orthogonal to the TOFU stats. Thus GPGME thus not evaluate it
to learn about the TOFU state.

Jan 16 2017, 8:52 AM · rc, Bug Report, gnupg, TOFU

Jan 14 2017

neal added a comment to T2914: TOFU Conflict Status fd output broken.

It's true that the user is listed 4 times, but this is because tofu.c:get_trust
is called four times. For instance, the first time it is called to show the
"gpg: Good signature from "tofu_conflict@example.com" [marginal]" line, and the
second time is it called to register the signature (tofu_register_signature).
This also explains why the signature count increases between the first and
second versions.

Note that each of these outputs is preceded by a KEY_CONSIDERED lined (for the
same key). Since the TOFU conflict information is per key, I'd expect an
implementation to say: Oh, there is already some conflict information for key X.
This must be a more up to date version, so I'll delete that first instead of
appending to it. Is this an unreasonable expectation?

It should be possible to change the behavior to only output the TOFU_STATS lines
if a TOFU_STATS_LONG line is also output (but I need to think about it some
more). Would this be better?

Jan 14 2017, 11:31 PM · rc, Bug Report, gnupg, TOFU

Jan 6 2017

werner added a project to T2914: TOFU Conflict Status fd output broken: rc.
Jan 6 2017, 7:06 PM · rc, Bug Report, gnupg, TOFU
aheinecke added projects to T2914: TOFU Conflict Status fd output broken: TOFU, gnupg, Bug Report.
Jan 6 2017, 5:34 PM · rc, Bug Report, gnupg, TOFU
aheinecke set Version to master on T2914: TOFU Conflict Status fd output broken.
Jan 6 2017, 5:34 PM · rc, Bug Report, gnupg, TOFU

Dec 2 2016

neal added a comment to T2812: TOFU very slow on Windows.

In general, parallel operations aren't great, but I find that such bad
performance surprising.

If you update a key, only that key's effective policy is rechecked, not all
keys. But, the effective policy of conflicting keys is always rechecked.

Dec 2 2016, 11:22 AM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
werner closed T2742: tofu confused when keys are deleted from keyring as Resolved.
Dec 2 2016, 10:04 AM · Duplicate, TOFU, Bug Report, gnupg
werner added a comment to T2742: tofu confused when keys are deleted from keyring.

Duplicate of T2859

Dec 2 2016, 10:04 AM · Duplicate, TOFU, Bug Report, gnupg
werner added a project to T2742: tofu confused when keys are deleted from keyring: Duplicate.
Dec 2 2016, 10:04 AM · Duplicate, TOFU, Bug Report, gnupg
neal added a comment to T2742: tofu confused when keys are deleted from keyring.

This issue has also been reported in https://bugs.gnupg.org/gnupg/Issue2859

Werner replied there and I agree with his conclusion.

Dec 2 2016, 9:40 AM · Duplicate, TOFU, Bug Report, gnupg

Dec 1 2016

aheinecke added a comment to T2812: TOFU very slow on Windows.

While testing with tofu enabled I sometimes see that some actions take very
long. (>1minute)

Like importing a key in Kleopatra where Kleopatra does an import and starts a
keylist afterwards / in parallel.

I'll try to reproduce this on the command line. Just doing a simple import on
the command line is quick.

Do you have any hint what can take so long?
Like a trigger that would cause a rechecks for cross signatures?

Dec 1 2016, 1:23 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
aheinecke removed a project from T2812: TOFU very slow on Windows: Testing.
Dec 1 2016, 1:23 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Nov 30 2016

neal added a project to T2817: TOFU validity conflict not set on conflict: Testing.
Nov 30 2016, 11:44 AM · Testing, Bug Report, gnupg, TOFU
neal added a comment to T2817: TOFU validity conflict not set on conflict.

This should be fixed in: 2f27cb12e30c9f6e780354eecc3ff0039ed52c63 .

Nov 30 2016, 11:44 AM · Testing, Bug Report, gnupg, TOFU

Nov 29 2016

aheinecke added a comment to T2812: TOFU very slow on Windows.

On Windows especially the initial keylist is very slow, subsequent keylists are
okish (less then 10 seconds) I don't think it's as big a problem anymore.
Listing a specific key is ~100ms. And that is with a large keyring (~18mb) on a
VM with a fairly slow harddisk.

For me this would be good enough to use tofu on windows. So it can be resolved
if you do not think the performance (especially of the initial listing) can be
improved or should have been better.

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model tofu --list-keys --with-colons > $null }
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: please do a --check-trustdb
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature

Days : 0
Hours : 0
Minutes : 1
Seconds : 14
Milliseconds : 785
Ticks : 747854659
TotalDays : 0.000865572521990741
TotalHours : 0.0207737405277778
TotalMinutes : 1.24642443166667
TotalSeconds : 74.7854659
TotalMilliseconds : 74785.4659

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model tofu --list-keys --with-colons > $null }
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: please do a --check-trustdb
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature

Days : 0
Hours : 0
Minutes : 0
Seconds : 7
Milliseconds : 812
Ticks : 78128420
TotalDays : 9.0426412037037E-05
TotalHours : 0.00217023388888889
TotalMinutes : 0.130214033333333
TotalSeconds : 7.812842
TotalMilliseconds : 7812.842

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model pgp --list-keys --with-colons > $null }
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: public key 60041E4EC03449C4 is 39 seconds newer than the signature

Days : 0
Hours : 0
Minutes : 0
Seconds : 1
Milliseconds : 369
Ticks : 13697177
TotalDays : 1.58532141203704E-05
TotalHours : 0.000380477138888889
TotalMinutes : 0.0228286283333333
TotalSeconds : 1.3697177
TotalMilliseconds : 1369.7177

PS C:\Users\aheinecke> gpg --version
gpg (GnuPG) 2.1.17-beta30
libgcrypt 1.7.3

NOTE: THIS IS A DEVELOPMENT VERSION! It is only intended for test purposes and should NOT be used in a production environment or with production keys! Copyright (C) 2016 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later https://gnu.org/licenses/gpl.html This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

Home: C:/Users/aheinecke/AppData/Roaming/gnupg
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,

CAMELLIA128, CAMELLIA192, CAMELLIA256

Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Nov 29 2016, 3:44 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Nov 23 2016

neal added a comment to T2812: TOFU very slow on Windows.

Fixed in 03a65a5. The time for doing a tofu --with-tofu-info --with-colons
listing is now similar to doing a pgp listing.

Please reopen if there are still unresolved issues.

$ time gpg2 --with-tofu-info --with-colons --no-auto-check-trustdb
--no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg
--trust-model pgp -k >/dev/null
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m1.972s
user 0m1.940s
sys 0m0.028s
$ time gpg2 --with-tofu-info --with-colons --no-auto-check-trustdb
--no-default-keyring --keyring /usr/share/keyrings/debian-keyring.gpg
--trust-model tofu -k >/dev/null
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m2.252s
user 0m2.172s
sys 0m0.020s

Nov 23 2016, 12:32 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
neal added a project to T2812: TOFU very slow on Windows: Testing.
Nov 23 2016, 12:32 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Nov 22 2016

neal added a comment to T2815: TOFU conflict not part of GpgME's sigsum.

I suspect that the problem is the same as T2817.

Nov 22 2016, 5:46 PM · Stalled, Bug Report, gnupg, TOFU
neal added a comment to T2817: TOFU validity conflict not set on conflict.

Andre and I chatted about this issue offline, and I now understand what the
problem is. The TOFU_STATS status line (as documented in gnupg/doc/DETAILS) has
a "validity" field that is a number between 0 and 4 where 1 to 4 indicate how
confident we are that the binding is valid, and 0 means that the binding has an
unresolved conflict. The problem that Andre has observed is that this field is
not set to 0 if there is a conflict.

As a matter of fact, the validity field is never set to 0. This is completely
redundant as the same TOFU_STATS status line has a policy parameter, which is
"ask" if there is a conflict. Moreover, overloading this field in this way
causes a loss of information. Just because there is a conflict doesn't mean
that gpg shouldn't report the validity, or that the client can't made use of it.

Thus, in my opinion, the right thing to do is to simply use the <policy> field
to detect whether there is a conflict. Werner has suggested that this is wrong,
but I couldn't follow his logic. Thus, I'm adding him to the nosy list and I
hope he can clarify what he wants here.

Nov 22 2016, 5:33 PM · Testing, Bug Report, gnupg, TOFU
neal updated subscribers of T2817: TOFU validity conflict not set on conflict.
Nov 22 2016, 5:33 PM · Testing, Bug Report, gnupg, TOFU

Nov 14 2016

neal added a comment to T2817: TOFU validity conflict not set on conflict.

Sorry for the delay in getting back to you on this issue. I think you mean they
have undefined trust (that's what I get here). Undefined trust means "not
enough information for calculation" (from trustdb.h).

Can you clarify what you mean by validity conflict?

Nov 14 2016, 3:52 PM · Testing, Bug Report, gnupg, TOFU

Nov 1 2016

neal added a comment to T2812: TOFU very slow on Windows.

Hi Andre,

Thanks for following up. I seem to be able to reproduce the first part of your
issue here and I'm looking in to it.

Thanks,
Neal

Nov 1 2016, 4:48 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Oct 31 2016

aheinecke added a comment to T2812: TOFU very slow on Windows.

Sry I accidentally posted an incomplete message with T2812 (aheinecke on Oct 31 2016, 05:08 PM / Roundup) (I used itsalltext
and postet a wrong version).

I wanted to write:

On the command line it's looking good. The second keylist is also down to 5
seconds on Windows.

But used from gpgme it still takes about a minute. If you add --with-colons and
slow down system calls by using strace you can also see this on GNU/Linux:

~> time strace gpg2 --no-default-keyring \

--keyring /usr/share/keyrings/debian-keyring.gpg \
--no-auto-check-trustdb --trust-model pgp \
--with-colons -k >/dev/null 2>&1

2.26s user 0.40s system 102% cpu 2.601 total
~> time strace gpg2 --no-default-keyring \

--keyring /usr/share/keyrings/debian-keyring.gpg \
--no-auto-check-trustdb --trust-model tofu \
--with-colons -k >/dev/null 2>&1

21.43s user 24.47s system 108% cpu 42.451 total

On Windows it's:

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--trust-model tofu --list-keys > $null
}
TotalSeconds : 7.0945596

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model tofu --lis
t-keys > $null }
TotalSeconds : 56.0914993

PS C:\Users\aheinecke> Measure-Command -Expression { gpg --no-auto-check-trustdb
--with-colons --trust-model pgp --list
-keys > $null }
TotalSeconds : 1.4855689

I'm also still seeing decryption blocked on Windows while a keylist
--with-colons runs.

I wonder if we should generally check out performance of reading the keyring on
Windows
mabye we could genrally improve it so that it's better cached by Windows.

Oct 31 2016, 5:11 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
aheinecke added a comment to T2817: TOFU validity conflict not set on conflict.

No both have unknown trust.

Oct 31 2016, 3:01 PM · Testing, Bug Report, gnupg, TOFU
neal added a comment to T2812: TOFU very slow on Windows.

7a634e48b13c5d5d295b8fed9b429e1b2109a333 should fix the contention issue.
Please let me know if you are still having issues.

Oct 31 2016, 3:17 AM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows

Oct 30 2016

neal added a comment to T2812: TOFU very slow on Windows.

eec365a & 614ca00 fixed the performance issue for me here.

us@chu:~/neal/work/gpg/test (GnuPGTest)$ rm tofu.db
us@chu:~/neal/work/gpg/test (GnuPGTest)$ time gpg --no-default-keyring --keyring
/usr/share/keyrings/debian-keyring.gpg -k >/dev/null
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m45.569s
user 0m34.316s
sys 0m10.872s
us@chu:~/neal/work/gpg/test (GnuPGTest)$ time gpg --no-default-keyring --keyring
/usr/share/keyrings/debian-keyring.gpg -k >/dev/null
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m2.306s
user 0m2.284s
sys 0m0.020s
us@chu:~/neal/work/gpg/test (GnuPGTest)$ time gpg --no-auto-check-trustdb
--trust-model pgp --no-default-keyring --keyring
/usr/share/keyrings/debian-keyring.gpg -k >/dev/null
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: please do a --check-trustdb
gpg: Note: signatures using the MD5 algorithm are rejected

real 0m2.261s
user 0m2.248s
sys 0m0.012s

Oct 30 2016, 7:12 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
neal added a comment to T2812: TOFU very slow on Windows.

The first time a key is encountered, we need to do a number of checks that
require reading its keyblock. These include checking whether the key is signed
by an ultimately trusted key. So, this cost is pretty much unavoidable, but it
should be a one time thing.

That other gpg processes stall is surprising, and I will investigate this. I
went to a fair amount of trouble to make sure that that doesn't happen in practice.

That the cost is higher on subsequent runs is a bit disconcerting. I will also
investigate this.

Oct 30 2016, 5:21 PM · Stalled, Bug Report, gnupg, Windows 32, TOFU, Windows
neal added a comment to T2817: TOFU validity conflict not set on conflict.

Are the two keys that you testing ultimately trusted? If so, then their
validity is good independent of their TOFU policy.

It is a bit unfortunate that the TOFU policy doesn't show this. I will try and
fix this, but it is a bit complicated because when a key's ownertrust is changed
(or a signature is added, etc.), the tofu db is not updated.

Oct 30 2016, 4:01 PM · Testing, Bug Report, gnupg, TOFU

Oct 25 2016

aheinecke added a project to T2742: tofu confused when keys are deleted from keyring: TOFU.
Oct 25 2016, 2:46 PM · Duplicate, TOFU, Bug Report, gnupg
aheinecke added projects to T2817: TOFU validity conflict not set on conflict: TOFU, gnupg, Bug Report.
Oct 25 2016, 2:35 PM · Testing, Bug Report, gnupg, TOFU