diff --git a/.mikaela/gpg.conf b/.mikaela/gpg.conf
index 461fb4d8..2b3f8cd3 100644
--- a/.mikaela/gpg.conf
+++ b/.mikaela/gpg.conf
@@ -78,3 +78,14 @@ no-comments
 # Don't output version, small chance of having people put same keys on IPFS
 no-emit-version
 
+# Trust On First Use (marginal trust) with WoT being full trust. I find this
+# less annoying in KMail than only WoT or the comment below, and I think it
+# may be additional motivation for me to actually sign the keys I trust with
+# all keyservers hiding signatures and gpg not importing them.
+# I think `keybase pgp pull` also helps here as the people I am tracking
+# there are going to be in my keyring, however it's still a centralized
+# service.
+trust-model tofu+pgp
+# WoT with TOFU’s conflict detection, but without positive trust
+#tofu-default-policy unknown
+
diff --git a/gpg/gpg.conf b/gpg/gpg.conf
index 8fe9b2a6..1ad0b29c 100644
--- a/gpg/gpg.conf
+++ b/gpg/gpg.conf
@@ -78,3 +78,14 @@ no-comments
 # Don't output version, small chance of having people put same keys on IPFS
 no-emit-version
 
+# Trust On First Use (marginal trust) with WoT being full trust. I find this
+# less annoying in KMail than only WoT or the comment below, and I think it
+# may be additional motivation for me to actually sign the keys I trust with
+# all keyservers hiding signatures and gpg not importing them.
+# I think `keybase pgp pull` also helps here as the people I am tracking
+# there are going to be in my keyring, however it's still a centralized
+# service.
+trust-model tofu+pgp
+# WoT with TOFU’s conflict detection, but without positive trust
+#tofu-default-policy unknown
+