Proof of email ownership

Werner Koch wk at gnupg.org
Sun Aug 7 14:48:56 CEST 2005 

Hi!

Let me note that I am currently working on a simplified key validation
scheme.  The basic idea is to connect a signature to an DNS entry.

Our assumption is that DNS is secure and unforgeable - as of now it is
not but eventually DNSSEC will get deployed to solve this and many other
problems.

Here is how it works:

To create a signature on an email (or any other data) you would use:

  gpg -s -Npka-address at gnupg.org=werner at example.org foo

(add other options as you see fit). Now when someone wants to verify
the signature he does it using the usual

  gpg --verify foo.gpg

gpg detects that foo.gpg has the notation key pka-address at gnupg.org
and takes its value (werner at example.org) to run a DNS query like:

  $ host -t txt werner._pka.example.org
  werner._pka.example.org text "v=pka1\;fpr=A4D94E92B0986AB5EE9DC\
  D755DE249965B0358A2\;uri=finger:wk at example.com"
 
Now it compares the fingerprint given in that Text record against the
one of the public key used to verify the signature.  If they match, it
has been proved that the mail address werner at example.org is a
legitimate address in the domain example.org.  If not, someone tried
to use a faked key. As of now we use the outcome of this test to
change the validity status of the key either to FULL or to NEVER (if
they don't match).

A MUA - or an MTA - may now display the verified address
werner at example.org to the user and compare it to the From address.
Will will likely add ptions to gpg to make this easier.

As a bonus we also put the URI part into the TXT record to allow the
specification of a keyserver or whatever to retrieve the public key.
gpg uses this during signature verification as well when collecting
the recipients of a message; i.e. if you use "-r joe at example.org" it
would try to locate a PKA record for joe (joe._pka.example.org) and
use this for key validation as well as to retrieve the key for joe.

If you want to play with this feature, you need to build the latest
Subversion of gpg and put

  keyserver-options auto-pka-retrieve

into your gpg.conf.  For real PKA records, replace example.org by
fsfe.org.  If this all works out well, we might want to apply for a
dedicated DNS record type instead of using TXT. The scheme may also be
used for S/MIME.


Shalom-Salam,

   Werner

More information about the Gnupg-devel mailing list