Proposal of OpenPGP Email Validation
mlisten at hammernoch.net
Mon Jul 27 21:05:26 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
On 27.07.15 16:31, Ingo Klöcker wrote:
> This whole concept of a whitelist of "trusted validation servers"
> included in the email clients sounds a lot like the CA certificate
> bundles included in browsers and/or OSes. Who is going to maintain
> this whitelist?
Whitelists: The OpenPGP-aware clients. There aren't so many of them,
so that's manageable.
> The email client developers? The OS manufacturers? Who is going to
> certify "trusted validation servers", i.e. who is going to tell
> benign validation servers apart from malignant validation servers?
There is a community providing keyservers (such as
pool.sks-keyservers.net). My impression is that this network is well
maintained and has worked reliably the last years.
Why should there not be a similar community approach for setting up a
(smaller) network of validating key server proxies?
> I'd rather put my bets on a DANE-based approach like
DANE requires write access to DNS. I don't see that the average
OpenPGP user has facilities and knowledge to achieve setting up the
required DNS records. If you can't convince the big mail providers
(e.g. Google, GMX here in Germany, ...) to provide a reasonable
interface for their users, I'm afraid that this will not be a success,
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----