Proof of email ownership

Werner Koch wk at
Sun Aug 7 14:48:56 CEST 2005


Let me note that I am currently working on a simplified key validation
scheme.  The basic idea is to connect a signature to an DNS entry.

Our assumption is that DNS is secure and unforgeable - as of now it is
not but eventually DNSSEC will get deployed to solve this and many other

Here is how it works:

To create a signature on an email (or any other data) you would use:

  gpg -s -Npka-address at at foo

(add other options as you see fit). Now when someone wants to verify
the signature he does it using the usual

  gpg --verify foo.gpg

gpg detects that foo.gpg has the notation key pka-address at
and takes its value (werner at to run a DNS query like:

  $ host -t txt text "v=pka1\;fpr=A4D94E92B0986AB5EE9DC\
  D755DE249965B0358A2\;uri=finger:wk at"
Now it compares the fingerprint given in that Text record against the
one of the public key used to verify the signature.  If they match, it
has been proved that the mail address werner at is a
legitimate address in the domain  If not, someone tried
to use a faked key. As of now we use the outcome of this test to
change the validity status of the key either to FULL or to NEVER (if
they don't match).

A MUA - or an MTA - may now display the verified address
werner at to the user and compare it to the From address.
Will will likely add ptions to gpg to make this easier.

As a bonus we also put the URI part into the TXT record to allow the
specification of a keyserver or whatever to retrieve the public key.
gpg uses this during signature verification as well when collecting
the recipients of a message; i.e. if you use "-r joe at" it
would try to locate a PKA record for joe ( and
use this for key validation as well as to retrieve the key for joe.

If you want to play with this feature, you need to build the latest
Subversion of gpg and put

  keyserver-options auto-pka-retrieve

into your gpg.conf.  For real PKA records, replace by  If this all works out well, we might want to apply for a
dedicated DNS record type instead of using TXT. The scheme may also be
used for S/MIME.



More information about the Gnupg-users mailing list