Trust on First Use (TOFU)

Trust on first use (TOFU) is a security model used to establish trust between a client software and a machine for which no trust was previously established – i.e. a new machine. Upon connection, the client software will try to look up the machine’s identifier, usually some kind of public key, in its local trust database. If it does not find one, it will typically revert to the user to determine if the machine should be trusted. Once the decision is made, the identifier is recorded in the client software’s trust database for future connections.

 

Frequently Asked Questions
What are the strengths and weaknesses of the "Trust on First Use" Model?

Strengths –
Trust on first use is a mechanism for establishing trust where there was none before, typically based on a user decision. In cases where an administrator is setting up all components of the system, the TOFU is a good way to establish trust among the different components.

Weaknesses –
The first decide whether to trust a machine – a decision on which all consequent decisions will rely on – is a vulnerable one, because if an attacker manages to infiltrate this process and to get included as a trusted machine, then the client software is totally exposed. TOFU assumes that no attacker is present during the initial connection and basically lets the user determine whether a machine is legit, but users don’t always make the right decisions.

What is the purpose of " Trust on First Use?

Trust on first use is a mechanism for establishing trust where there was none before, typically based on a user decision.

Is "Trust on First Use" similar to Zero knowledge proof?

No. In the context of authentication, zero-knowledge proof allows one party to prove to another party that it is in possession of a secret without revealing the secret itself. Trust on first use is a mechanism for establishing trust where there was none before, typically based on a user decision.