Proposal of OpenPGP Email Validation

Werner Koch wk at gnupg.org
Mon Jul 27 19:46:03 CEST 2015


On Mon, 27 Jul 2015 14:15, neal at walfield.org said:

> The approach also has another problem: which key servers are going to
> do this?  There are 100s of key servers.  I'm not going to reply to
> mails from each one, sorry.

As Nico described, PGP used a very similar system to validate keys and
expire them based on the date of the last validation.  However, that
system worked because they control the central server and the
server did not sync with the other keyservers automatically.  The
validation signatures you find on some of the keys are due to faulty manual
syncing (download from pgp.com, upload to pgp.net).  A solid approach for
a central crypto server.

> I'd also consider having the key servers publish the validations.  If
> you chain the validations (include the hash of the previous validation

You can't do that due to the decentralized approach with no requirement
for the user to always upload to the same keyserver.  Thus a server may
miss validation signatures not yet received from other servers.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
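The exchange above turns on one failure mode: if each published validation embeds the hash of the previous one, a keyserver that has not yet received an intermediate validation from its peers cannot verify or extend the chain. The following is an added illustration written for this archive page, not code from the thread, from GnuPG, or from any keyserver; the record layout (`Validation` with a fingerprint, address, date and `prev_hash`), the SHA-256 linking and the constructed fingerprint and dates are all assumptions made for the example.

```python
import hashlib
import json
from dataclasses import asdict, dataclass
from typing import Dict, List, Optional, Set, Tuple

# Hash that the first validation in a chain points back to (assumed convention).
GENESIS = "0" * 64


@dataclass(frozen=True)
class Validation:
    """One published validation record (constructed layout, not a real format)."""
    key_fpr: str    # fingerprint of the validated key (constructed value)
    email: str      # address that answered the validation mail
    date: str       # ISO date of this validation
    prev_hash: str  # digest of the previous validation, GENESIS for the first

    def digest(self) -> str:
        # Canonical JSON so every server computes the same digest.
        body = json.dumps(asdict(self), sort_keys=True).encode()
        return hashlib.sha256(body).hexdigest()


def make_chain(key_fpr: str, email: str, dates: List[str]) -> List[Validation]:
    """Build the chain a single authoritative publisher would produce."""
    chain: List[Validation] = []
    prev = GENESIS
    for d in dates:
        v = Validation(key_fpr, email, d, prev)
        chain.append(v)
        prev = v.digest()
    return chain


def verify_chain(chain: List[Validation]) -> Optional[int]:
    """Return None if every record links to its predecessor, otherwise the
    index of the first record whose prev_hash does not match (a gap)."""
    prev = GENESIS
    for i, v in enumerate(chain):
        if v.prev_hash != prev:
            return i
        prev = v.digest()
    return None


def reassemble(records: Set[Validation]) -> Tuple[List[Validation], List[Validation]]:
    """What a keyserver can do with the records it happens to hold: follow
    prev_hash pointers from GENESIS and report the orphans whose predecessor
    has not arrived from other servers yet."""
    by_prev: Dict[str, Validation] = {r.prev_hash: r for r in records}
    chain: List[Validation] = []
    cur = GENESIS
    while cur in by_prev:
        r = by_prev.pop(cur)
        chain.append(r)
        cur = r.digest()
    return chain, list(by_prev.values())


if __name__ == "__main__":
    # Constructed scenario: the user answers three validation mails but
    # uploads the second one to a different keyserver than the others.
    full = make_chain("0123456789ABCDEF0123456789ABCDEF01234567",
                      "alice at example.org",
                      ["2015-01-15", "2015-04-15", "2015-07-15"])
    server_a = {full[0], full[2]}   # never received the April validation
    usable, orphans = reassemble(server_a)
    print("server A can verify:", [v.date for v in usable])
    print("server A holds orphans:", [v.date for v in orphans])
    print("gap in A's naive ordering at index:", verify_chain([full[0], full[2]]))
```

Run stand-alone, server A ends up with a verifiable chain of one record and an orphaned July validation it cannot attach until the April record arrives, which is exactly the objection raised above: without every user always uploading to the same server, no single keyserver is guaranteed to hold a complete chain.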
