Proposal of OpenPGP Email Validation
Ingo Klöcker
kloecker at kde.org
Tue Jul 28 17:06:28 CEST 2015
On Tuesday 28 July 2015 09:22:23 Neal H. Walfield wrote:
> Hi,
>
> Did you consider user a proof-of-work scheme? For instance, the user
> does a 1 week PoW, signs the result and attackes it to the key. These
> would be refreshed about once a year.
Which problem do you propose to address with such a scheme? I can see the
zombie key issue being addressed by this, but this issue can as easily be
addressed by 1-year-key-expiration (where the PoW consists of extending the
expiration date).
I don't see how a PoW scheme addresses the fake key issue. Someone who is
motivated enough to create a fake key will most likely also be motivated
enough to add a PoW (at least, for the first year).
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20150728/f1928c06/attachment.sig>
More information about the Gnupg-users
mailing list