Proposal of OpenPGP Email Validation

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Tue Jul 28 19:57:29 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Monday 27 July 2015 at 7:00:08 PM, in
<mid:55B671A8.7020109 at sumptuouscapital.com>, Kristian Fiskerstrand
wrote:



> It makes the information more compact and will make hkp
> vindex lists look cleaner.

I thought Base64 encodes 3 bytes into 4, so has a 33% overhead.



> Presuming this information
> contains data objects in json format it will be
> interpreted by a parser,

Couldn't human-readable data with a suitable field delimiter (such as
generated by GnuPG's "--with-colons" option) be interpreted by a
parser?



> and raw data from keyservers
> anyways shouldn't be trusted directly before validating
> the signature (including its subpackets/notations)
> since no crypto has been performed at that point.

Is that a good enough reason to deny the user the opportunity to read
the signature notation value data in a "--list-sigs" output?

What about in a "--check-sigs" output? The "!" would indicate the
validation signature signature could be trusted, but the Base64
encoding would obscure the detail about how the email address was
verified.


- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Wait. You think I'm right?
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJVt8KTXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwvLsH/2QWBfAQ4HyJTtToMhIscl94
72ehjR/ackAyg4ojqbbN7/PDL4BBH7b5EjLIUcsVTwXUGxSw4Z1XBEAXR7oz70Uo
WJdyrQVc6CtYLnepzTH2atRSuwd3fv4BpYfbUZ+R4ogVqOtctZznFz2acCXj2HUH
Mqq8rUWiJzzCBTBHrprM5Hir8T9gwB/i0qjzOxta7NsMU4r8HcIgUTsxGuQWTjvX
mY1NNAXo/S5hjcf8dzHvO9jDSbbt9AtEfA/K3qoIDDJBvY9w5U3dj5i0lpelValM
iGC5rg9QJSXT755Rz2Mbs0lK/eYGRQXdJVn3e5vZn7fczOcdCdOMEPSzDTpY6vaI
vgQBFgoAZgUCVbfCmF8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45KWNAQD0RFU+Dg3l9npiN3QLXDxKtTnT
RJtvh2TagoxVi4AyHgEAvLnRqoss9FL3AkdPCFsfgRCwID44+X5Tr/mG43Jecgs=
=0igL
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list