Proposal of OpenPGP Email Validation

nico at enigmail.net
Mon Jul 27 19:21:10 CEST 2015


Thanks, Neal for the feedback.
I will try to answer.

On 27.07.2015 at 14:15, Neal H. Walfield wrote:
> Hi,
> 
> I guess you mean this:
> 
>   The idea I have in mind is roughly as follows: if you upload a key to
>   a keyserver, the keyserver would send an encrypted email to every UID
>   in the key. Each encrypted mail contains a unique link to confirm the
>   email address. Once all email addresses are confirmed, the key is
>   validated and the keyserver will allow access to it just like with any
>   regular keyserver.
> 
Hmm, not quite right, there are two major points where I think
there is some misunderstanding:

First, I DON'T propose to use key servers here.
In agreement with Kristian Fiskerstrand we propose to give
other servers the task.
As written, these "validation servers" should ideally operate as key
server proxies, though, passing all requests to keyservers and responses
back to email clients, while in addition doing/triggering email validations.
But for ordinary keyservers, validation servers "only" provide
validation signatures, as any other email client can do.

Second, because the signatures sign UIDs (not keys),
each UID is individually signed.
A validation server could wait to upload the key to a key server
until the FIRST email address is signed.
But in principle, uploading a key or a new UID for the key
is different from triggering its validation (and as a result uploading
the corresponding validation signature to the UID(s)).

> This approach is not going to stop a nation state.  A nation state can
> intercept the mail, decrypt it and follow the link.
> 
Sorry, I don't know what a nation state is.

> For the same reason, it is not going to stop a user's ISP.  Given
> Microsoft's et al.'s willingness to cooperate with the NSA, these are
> not very good starting conditions.
> 
Although Daniel answered, I didn't quite get the problem here
and would be happy if you prefer to explain the problem a bit in detail
(yes, sorry, I am not an expert).

> The approach also has another problem: which key servers are going to
> do this?  There are 100s of key servers.  I'm not going to reply to
> mails from each one, sorry.
> 
Hmm, I thought I discussed that, but maybe my wording was bad.
Indeed, there should only be one validation request per email address
each year.
For this, we'd trust multiple validation signatures. But yes,
as I wrote, we have to maintain white- and/or blacklists then
(in email clients or wherever).
And yes, THIS can be(come) a problem.

> This also seems like a nice way to spam someone.  Generate a key,
> upload it to a key server and they have a bunch of mails from the key
> server.  Based on this, I suspect that it won't take long for the key
> servers to be blacklisted?
> 
We thought about that, but right, I didn't write anything about it.
We might follow the following rule:
- Once validated, no re-validations can be triggered
  within the 12 months the signature is valid
  (maybe unless the owner of the key itself triggers the re-validation)
- But yes, then we have the problem of others uploading
  faked keys (the problem we want to solve).
  First: Maybe it's fine that people get informed that
         faked keys are uploaded.
         At least I personally would like to know that.
  Then: I could trigger my own validation and, as written
        in the first bullet, disable any other validations
        unless triggered by me.
  Thus, once there is a successful validation,
        this is no longer a problem.

> Have you considered these issues?  Do you have any thoughts about how
> to avoid these problems or do you think they are not real problems?
> 
At least a part of them, I hope.
But I would not be surprised to have overlooked some stuff.
You are the experts.
I only want to solve the problem.

And indeed, the question of how to avoid too many validation requests
while at the same time having multiple validation servers
is something I am pretty unsure about in its details.
I am happy for any help here.

> Regarding the design: personally, I wouldn't have the user follow a
> link that includes a swiss number, but have the user reply to the
> mail, include the swiss number and sign it.
> 
OK, that's of course also possible.
Any reason why this is something you prefer?

> I'd also consider having the key servers publish the validations.  If
> you chain the validations (include the hash of the previous validation
> in the current validation) you can detect if the key servers serve a
> fake key to a specific user.
> 
OK, interesting idea.

Thanks a lot
  Nico

> Neal
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
> 

-- 
Nicolai M. Josuttis
www.josuttis.de
mailto:nico at enigmail.net
PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5
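Two mechanisms from the exchange above lend themselves to a small model: the re-validation rule Nico sketches (once a UID is validated, only the key owner may trigger another validation until the 12-month signature validity is over) and Neal's suggestion to chain published validations so that a client can detect a server handing it a different key than everyone else. The following Python is an added illustration written for this page, not code from Enigmail, SKS, or either author; the record layout, the `ValidationLog` class, the SHA-256 chaining, and the sample UIDs and fingerprints are all constructed assumptions.

```python
import copy
import hashlib
import json
from datetime import datetime, timedelta

# Validation signatures are valid for 12 months, as stated in the thread.
VALIDITY = timedelta(days=365)
# Hash that the first record in a chain points back to (constructed convention).
GENESIS = "0" * 64


def record_hash(record):
    """SHA-256 over a canonical (sorted-key, compact JSON) encoding of one record."""
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


class ValidationLog:
    """Append-only, hash-chained log of UID validations on one validation server.

    Every record carries the hash of its predecessor, so a client that holds the
    published chain head can check that the records it was served are the same
    records everybody else was served.
    """

    def __init__(self):
        self.records = []

    def latest_for(self, uid):
        for rec in reversed(self.records):
            if rec["uid"] == uid:
                return rec
        return None

    def may_trigger(self, uid, now, triggered_by_owner=False):
        """Re-validation rule from the thread: after a successful validation, only
        the key owner may trigger another one until the 12 months have passed."""
        last = self.latest_for(uid)
        if last is None:
            return True
        expires = datetime.fromisoformat(last["validated_at"]) + VALIDITY
        return triggered_by_owner or now >= expires

    def append(self, uid, fingerprint, now):
        prev = record_hash(self.records[-1]) if self.records else GENESIS
        rec = {"uid": uid, "fingerprint": fingerprint,
               "validated_at": now.isoformat(), "prev": prev}
        self.records.append(rec)
        return rec


def chain_head(records):
    """Walk the chain and return its head hash, or None if any link is broken."""
    prev = GENESIS
    for rec in records:
        if rec["prev"] != prev:
            return None
        prev = record_hash(rec)
    return prev


def demo():
    """Constructed scenario: an honest chain next to a copy in which one record
    was swapped for a different key, as a client comparing against the published
    head would see it."""
    log = ValidationLog()
    t0 = datetime(2015, 7, 27, 12, 0)
    log.append("alice@example.org", "1111 (constructed fingerprint)", t0)
    log.append("bob@example.org", "2222 (constructed fingerprint)", t0 + timedelta(days=1))
    published_head = chain_head(log.records)

    # Copy of the records in which alice's entry points at a different key.
    served = copy.deepcopy(log.records)
    served[0]["fingerprint"] = "9999 (different key, constructed)"

    return {
        "honest_head": published_head,
        "tampered_head": chain_head(served),  # None: bob's 'prev' no longer matches
        "third_party_within_year": log.may_trigger(
            "alice@example.org", t0 + timedelta(days=30)),
        "owner_within_year": log.may_trigger(
            "alice@example.org", t0 + timedelta(days=30), triggered_by_owner=True),
        "anyone_after_year": log.may_trigger(
            "alice@example.org", t0 + timedelta(days=366)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Swapping the fingerprint in the earliest record breaks the link from the next record, so `chain_head` returns `None`; swapping the newest record instead would leave the chain internally consistent but yield a head that differs from the published one, which is why clients need to remember or fetch the published head rather than only verify links locally.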