Proposal of OpenPGP Email Validation
Kristian Fiskerstrand
kristian.fiskerstrand at sumptuouscapital.com
Mon Jul 27 19:54:14 CEST 2015
On 07/27/2015 07:46 PM, Werner Koch wrote:
> On Mon, 27 Jul 2015 14:15, neal at walfield.org said:
>
>
> You can't do that due to the decentralized approach with no
> requirement for the user to always upload to the same keyserver.
> Thus a server may miss validation signatures not yet received from
> other servers.
The way I read this proposal isn't about keyservers per se, but the
individual validation servers publishing a chained list (like a
blockchain) of its validations. There is merit to that proposal for
auditing purposes, although I'm not entirely sure how it'd work in
practice unless the blockchain itself was decentralized (it can't
function securely if completely local to validation server). iirc this
is what Google is doing with its approach as well[0].
References:
[0] http://www.certificate-transparency.org/
--
----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Knowing is not enough; we must apply. Willing is not enough; we must do."
(Johann Wolfgang von Goethe)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150727/a9e074f2/attachment.sig>
More information about the Gnupg-users
mailing list