Too Long; Didn't Read
Trust On First Use (TOFU) is a security model in which a client needs to create a trust relationship with an unknown server. To do that, clients will look for identifiers (for example public keys) stored locally. If an identifieris found, the client can establish the connection. If no identifier is found, a client can prompt the user to determine if the client should trust the identifier. TOFU is used in the SSH protocol, in HTTP Public Key Pinning (HPKP) and in HSTS.