Proof of email ownership

Werner Koch wk at gnupg.org
Mon Aug 8 09:26:18 CEST 2005


On Sun, 07 Aug 2005 22:02:44 +0200, Jeroen Massar said:

>  - DNS is not a directory for random information

It is not random information it just extends the domain system by
local parts.  Anyway, DNS is nowadays not anymore as for what it has
been designed.

>  - Don't overload TXT records (though you can go the SPF
>    way and just make a record called SPF which is a TXT)

I know.  For experimenting TXT records are just fine.  Obviously this
should be replaced by a special record type designed for that purpose.

> example.org
> 	PGPSRV https keyserver.example.net /pks/
> 	PGPSRV hkp keyserver.example.net

That is a different thing.  The crucial point with PKA is to connect a
key to the DNS using the fingerprint.  Having a way to specify a
keyserver does not help: The information returned by a keyserver is
not trustworthy.  There are other ways of downloading a key; having
the URI part in the PKA record is mainly for convenience.

> Btw I specified https above, which is something I would really like to
> see implemented and usable in gpg. This allows everybody, who has access
> to their DNS that is, to specify a keyserver of their choice for that
> domain. The HTTPS, which implies SSL, makes it able for gnupg to have a
> secure transfer of this data and verification of the SSL certificate to

There is no need for a secure transfer of keys.  The keys are
intrinsic secure.  A keyserver is just a bunch of untrusted keys the
decision whether to trust a key is put onto the client.  You can't
trust them.  BTW, gpg when build with cURL supports SSL.

> Another note is that this all indeed still does not imply any trust,
> that needs to come from a lot of users signing your key, one way to

If you trust www.example.com you should also be able to trust mails
coming from someone at example.org.  The PKA scheme does exactly this.
It can be used as a good protection agains faked mails.

> solve it would be to have the domain admin have a trusted key, thus
> someone who has been verified, and have this key sign the keys in that

The Web of Trust does only for work closed groups and won't work on a
large scale.  In particular because it is impossible to teach an
average user to assign the ownertrust levels.  Those of the mail users
who are able to do it are also smart enough not to get tricked by
phishing mails - I am pretty sure that at least 95% of all users are
pretty good tragets.  Having a way to semi-automatically check the
sender address might be helpful.


Shalom-Salam,

   Werner




More information about the Gnupg-users mailing list