Proposal of OpenPGP Email Validation

Ludwig Hügelschäfer mlisten at
Tue Jul 28 22:06:03 CEST 2015

On 28.07.15 16:46, Ingo Klöcker wrote:
> On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote:
>> Hi Ingo,
>> On 27.07.15 16:31, Ingo Klöcker wrote:


>> Why should there not be a similar community approach for setting
>> up a (smaller) network of validating key server proxies?
> Well, the keyservers do not make any claims with regard to the
> authenticity or the integrity of the keys. Those checks are left to
> the clients. I do not have to trust any of the keyservers.
> The validating key server proxies claim validity of the UIDs (to a
> certain degree). I can see myself marking such a proxy as trusted
> by adding it to my gnupg.conf (or to KMail's configuration). But I
> cannot see myself adding such a proxy to the whitelist that's
> shipped with KMail.
> Another problem I see with whitelist management is revocation in
> case the validation key of a validating proxy is compromised.
> Again, for the CA certificate bundles that's handled by the
> distributors and not by individual application developers.

Let's concentrate on this one, I think this is the real tough task:
establishing a trust chain from the validating servers to the client.

There's one root certificate, signing the individual proxy certificates.

Each individual proxy has a certificate it is using for creating the
validating signatures.

Each client only needs to have the root certificate built in. If it
encounters a validation proxy's certificate, it will download it.

If a proxy certificate is known compromised, the signature from the
root certificate is revoked.

If the root certificate is compromised (and revoked), the scheme will
require new client versions with a new root certificate built in.

The client itself must refresh the root certificate and all downloaded
proxy certificates regularly.

This all requires a very small group of maintainers for the root
certificate (2 or 3 people), issuing and revoking signatures for
proxy certificates.

The client authors will need to have a trust chain to at least one
root certificate maintainer. This is also true for the proxy maintainers.

This is my view of the problem :-)
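
The client-side decision this scheme implies, as an added example that is not part of the original message or of any GnuPG code. It assumes toy textbook RSA (no padding, constructed small keys) as a stand-in for OpenPGP signatures, a hypothetical certificate layout, and a `revoked` set standing for what the client learns when it refreshes the root and proxy certificates.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def make_key(p, q):
    """Toy textbook-RSA key from two primes: returns (n, d). Not secure."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def digest(msg, n):
    return int.from_bytes(hashlib.sha512(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(digest(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

# Constructed keys built from Mersenne primes, for illustration only.
ROOT_N, ROOT_D = make_key(2**127 - 1, 2**107 - 1)    # built into the client
PROXY_N, PROXY_D = make_key(2**89 - 1, 2**61 - 1)    # a validating proxy
ROGUE_N, ROGUE_D = make_key(2**61 - 1, 2**31 - 1)    # proxy unknown to the root

def proxy_cert(name, n, issuer_n, issuer_d):
    """Hypothetical proxy certificate: name and public modulus, signed by issuer."""
    body = f"{name}|{n}".encode()
    return {"name": name, "n": n, "sig": sign(body, issuer_n, issuer_d)}

def check_validation(uid, fpr, val_sig, cert, root_n, revoked, root_revoked=False):
    """Accept a proxy's UID validation only through the built-in root."""
    if root_revoked:
        return "reject: root revoked, client needs a new built-in root"
    body = f"{cert['name']}|{cert['n']}".encode()
    if not verify(body, cert["sig"], root_n):
        return "reject: proxy certificate not signed by root"
    if cert["name"] in revoked:
        return "reject: root signature on proxy revoked"
    if not verify(f"{fpr}|{uid}".encode(), val_sig, cert["n"]):
        return "reject: bad validation signature"
    return "accept"
```

The order of the checks matters: the downloaded proxy certificate is never used to verify anything until the root signature on it has been verified and its revocation status checked.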

