Glossary of Security Terms: TOFU by@mozilla

Glossary of Security Terms: TOFU

image
Mozilla Contributors HackerNoon profile picture

Mozilla Contributors

Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.

Trust On First Use (TOFU) is a security model in which a client needs to create a trust relationship with an unknown server. To do that, clients will look for identifiers (for example public keys) stored locally. If an identifier
is found, the client can establish the connection. If no identifier is found, the client can prompt the user to determine if the client should trust the identifier.

TOFU is used in the SSH protocol, in HTTP Public Key Pinning (HPKP) where the browsers will accept the first public key returned by the server, and in

Strict-Transport-Security
 (HSTS) where a browser will obey the redirection rule.

Learn more

View Previous Terms:

Mozilla Contributors HackerNoon profile picture
by Mozilla Contributors @mozilla.Mozilla (stylized as moz://a) is a free software community founded in 1998 by members of Netscape.
Read my stories

Comments

Signup or Login to Join the Discussion

Tags

Related Stories