Proof of email ownership

Samuel ]slund samuel at Update.UU.SE
Sat Aug 6 01:19:31 CEST 2005


On Fri, Aug 05, 2005 at 11:36:49PM +0200, David Srbecky wrote:
> Hello,
> 
> I just installed GnuPG to Thunderbird, created a key pair and uploaded 
> it to a keyserver. I have expected to receive some mail designed to 
> verify that I really own the email address (similar to the one that just 
> received to subscribe to this list), but I did not receive any.

There are no such automation.

> How can people know that I own the address if GnuPG did not check it?

Basically you tell the one you plan to communicate with "this is my key"
or you tell it to someone who the one you plan to communicate with knows.

Keywords you are looking for include "web of thrust" and "key signing".

Check out:
http://www.biglumber.com/

The GNU Privacy handbook
http://www.gnupg.org/gph/en/manual.html
Esp. chapter 3.

The GnuPG Documentation page
http://www.gnupg.org/(en)/documentation/index.html

> My next idea was that GnuPG is multipurpose cryptographic software and 
> I need to get some special signature verifying that I own specific mail. 
> I was looking for a way to accomplish that, but I have not found any.

Look for "Robot CA", but several people here think it is a bad idea, find
out why in the list archives before you go ahead.

HTH
//Samuel




More information about the Gnupg-users mailing list