Proposal of OpenPGP Email Validation

Neal H. Walfield neal at walfield.org
Tue Jul 28 09:22:23 CEST 2015


Hi,

Did you consider user a proof-of-work scheme?  For instance, the user
does a 1 week PoW, signs the result and attackes it to the key.  These
would be refreshed about once a year.

This eliminates the verification servers and the problems associated
with them (namely, people need to trust them and there can't be too
many of them).

It also increases usability: there are no emails.  This can be done
completely by, say, gpg-agent in the background.

gpg (or the email clients) don't need to know about special
verification keys / signatures.  They just check the proof of work and
sort the returned keys appropriately.

Neal



More information about the Gnupg-users mailing list