Proposal of OpenPGP Email Validation

Ingo Klöcker kloecker at kde.org
Tue Jul 28 16:46:54 CEST 2015 

On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote:
> Hi Ingo,
> 
> On 27.07.15 16:31, Ingo Klöcker wrote:
> > This whole concept of a whitelist of "trusted validation servers"
> > included in the email clients sounds a lot like the CA certificate
> > bundles included in browsers and/or OSes. Who is going to maintain
> > this whitelist?
> 
> Whilelists: The OpenPGP-aware clients. There aren't so many of them,
> so that's manageable.

Speaking for KMail how can I be sure that somebody who claims that his 
validation server can be trusted can actually be trusted and should therefore 
be added to the whitelist? KDE avoids this problem for the CA certificate 
bundle by relying on the certificate bundles provided by the Linux 
distributors or by Mozilla.


> > The email client developers? The OS manufactures? Who is going to
> > certify "trusted validation servers", i.e. who is going to tell
> > benign validation servers apart from malignant validation servers?
> 
> There is a community providing keyservers (such as
> pool.sks-keyservers.net). My impression is that this network is well
> maintained and has worked reliably the last years.
> 
> Why should there not be a similar community approach for setting up a
> (smaller) network of validating key server proxies.

Well, the keyservers do not make any claims with regard to the authenticity or 
the integrity of the keys. Those checks are left to the clients. I do not have 
to trust any of the keyservers.

The validating key server proxies claim validity of the UIDs (to a certain 
degree). I can see myself marking such a proxy as trusted by adding it to my 
gnupg.conf (or to KMail's configuration). But I cannot see myself adding such 
a proxy to the whitelist that's shipped with KMail.

Another problem I see with whitelist management is revocation in case the 
validation key of a validating proxy is compromised. Again, for the CA 
certificate bundles that's handled by the distributors and not by individual 
application developers.


> > I'd rather put my bets on a DANE-based approach like
> > https://datatracker.ietf.org/doc/draft-ietf-dane-openpgpkey/
> 
> DANE requires write access to DNS. I don't see that the average
> OpenPGP user has facilities and knowledge to achieve setting up the
> required DNS records. If you can't convince the big mail providers
> (e.g. Google, GMX here in Germany, ...) to provide a reasonable
> interface for their users, I'm afraid that this will not be a success,

I'm confident that the smaller mail providers who focus on security would be 
willing to add such an interface. Frankly, I do not care that much for the big 
mail providers. People who really value privacy should use mail providers that 
value privacy.


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150728/cfc82b25/attachment.sig>

More information about the Gnupg-users mailing list