Proposal of OpenPGP Email Validation

Ingo Klöcker kloecker at kde.org
Tue Jul 28 17:06:28 CEST 2015


On Tuesday 28 July 2015 09:22:23 Neal H. Walfield wrote:
> Hi,
> 
> Did you consider user a proof-of-work scheme?  For instance, the user
> does a 1 week PoW, signs the result and attackes it to the key.  These
> would be refreshed about once a year.

Which problem do you propose to address with such a scheme? I can see the 
zombie key issue being addressed by this, but this issue can as easily be 
addressed by 1-year-key-expiration (where the PoW consists of extending the 
expiration date).

I don't see how a PoW scheme addresses the fake key issue. Someone who is 
motivated enough to create a fake key will most likely also be motivated 
enough to add a PoW (at least, for the first year).


Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150728/f1928c06/attachment.sig>


More information about the Gnupg-users mailing list