Proposal of OpenPGP Email Validation
kloecker at kde.org
Tue Jul 28 17:06:28 CEST 2015
On Tuesday 28 July 2015 09:22:23 Neal H. Walfield wrote:
> Did you consider user a proof-of-work scheme? For instance, the user
> does a 1 week PoW, signs the result and attackes it to the key. These
> would be refreshed about once a year.
Which problem do you propose to address with such a scheme? I can see the
zombie key issue being addressed by this, but this issue can as easily be
addressed by 1-year-key-expiration (where the PoW consists of extending the
I don't see how a PoW scheme addresses the fake key issue. Someone who is
motivated enough to create a fake key will most likely also be motivated
enough to add a PoW (at least, for the first year).
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users