Proposal of OpenPGP Email Validation
Neal H. Walfield
neal at walfield.org
Tue Jul 28 09:22:23 CEST 2015
Did you consider user a proof-of-work scheme? For instance, the user
does a 1 week PoW, signs the result and attackes it to the key. These
would be refreshed about once a year.
This eliminates the verification servers and the problems associated
with them (namely, people need to trust them and there can't be too
many of them).
It also increases usability: there are no emails. This can be done
completely by, say, gpg-agent in the background.
gpg (or the email clients) don't need to know about special
verification keys / signatures. They just check the proof of work and
sort the returned keys appropriately.
More information about the Gnupg-users