Proposal of OpenPGP Email Validation

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Mon Jul 27 15:16:49 CEST 2015



Hi


On Monday 27 July 2015 at 6:55:03 AM, in
<mid:55B5C7B7.4090907 at enigmail.net>, nico at enigmail.net wrote:
> Thus, I am happy for any feedback (details and general
> remarks) both here and directly as email to me.


Comments in no particular order, just as they occurred to me when
looking through your paper:-
If a key is validated by the proxy, then subsequently uploaded again
with a new UID, does the new UID get a validation expiry date that
matches the rest of the key? Or does it get a standard 12-month
validation period, but still get re-validated the next time one of the
other UIDs needs it, so that all UIDs' validation expiry dates are
brought back into sync? And what if the upload with an extra UID hits
a different validation server?

If a third party has uploaded my key, or if the validation server is
automatically validating existing keys in response to certain events,
the validation emails are unsolicited by me. Most people will not
click a link in such an email.

If a third party who can intercept my emails has generated a key
containing my email address in a UID, all bets are off.

If an email provider provides public keys for their customers,
presumably those keys are unsuitable for mail encryption because the
provider may have access to the private key.

The configuration changes for email clients that you mention, things
like which keyserver to use and which keys to trust, need to be set in
GnuPG.conf (or maybe some form of GnuPG wrapper or plugin) so that
they are used by an email client that simply calls GnuPG and therefore
honours GnuPG's own settings. Same for trust models; maybe you should
consider suggesting a modified trust model for GnuPG that includes
options for handling validation signatures.

Blacklists should not be used *anywhere* as they are a form of
censorship and can be used for DoS attacks.

In your proposal for listing validation signatures in GnuPG:
"‘!’ after sig signals successful validation" - why is this needed?
Surely the mere presence of a validation signature signals successful
validation.

Why would the notation value be base64 encoded? What is the rationale
for preventing users from reading the notation values in a key
listing?

Notation version numbers. Rather than using different notation names
such as validation-v2 at enigmail.net, I would think it better to keep
the notation name standard and put the version number at the start of
the value string.

-- 
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Of course it's a good idea - it's mine!

More information about the Gnupg-users mailing list