Proposal of OpenPGP Email Validation

MFPA 2014-667rhzu3dc-lists-groups at
Mon Jul 27 15:16:49 CEST 2015

Hash: SHA512


On Monday 27 July 2015 at 6:55:03 AM, in
<mid:55B5C7B7.4090907 at>, nico at wrote:

> Thus, I am happy for any feedback (details and general
> remarks) both here and directly as email to me.

Comments in no particular order, just as they occurred to me when
looking through your paper:-

If a key is validated by the proxy, then subsequently uploaded again
with a new UID, does the new UID get a validation expiry date that
matches the rest of the key? Or does it get a standard 12-month
validation period, but still get re-validated the next time one of the
other UIDs needs it, so that all UIDs' validation expiry dates are
brought back into sync? And what if the upload with an extra UID hits
a different validation server?

If a third party has uploaded my key, or if the validation server is
automatically validating existing keys in response to certain events,
the validation emails are unsolicited by me. Most people will not
click a link in such an email.

If a third party who can intercept my emails has generated a key
containing my email address in a UID, all bets are off.

If an email provider provides public keys for their customers,
presumably those keys are unsuitable for mail encryption because the
provider may have access to the private key.

The configuration changes for email clients that you mention, things
like which keyserver to use and which keys to trust, need to be set in
GnuPG.conf (or maybe some form of GnuPG wrapper or plugin) so that
they are used by an email client that simply calls GnuPG and therefore
honours GnuPG's own settings. Same for trust models; maybe you should
consider suggesting a modified trust model for GnuPG that includes
options for handling validation signatures.

Blacklists should not be used *anywhere* as they are a form of
censorship and can be used for DOS attacks.

In your proposal for listing validation signatures in GnuPG:
"‘!’ after sig signals successful validation" - why is this needed?
Surely the mere presence of a validation signature signals successful

Why would the notation value be base64 encoded? What is the rationale
for preventing users from reading the notation values in a key

Notation version numbers. Rather than using different notation names
such as validation-v2 at, I would think it better to keep
the notation name standard and put the version number at the start of
the value string.

- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at>

Of course it's a good idea - it's mine!


More information about the Gnupg-users mailing list