Proposal of OpenPGP Email Validation

Ludwig Hügelschäfer mlisten at hammernoch.net
Tue Jul 28 22:06:03 CEST 2015



On 28.07.15 16:46, Ingo Klöcker wrote:
> On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote:
>> Hi Ingo,
>> 
>> On 27.07.15 16:31, Ingo Klöcker wrote:

(...)

>> Why should there not be a similar community approach for setting
>> up a (smaller) network of validating key server proxies.
> 
> Well, the keyservers do not make any claims with regard to the
> authenticity or the integrity of the keys. Those checks are left to
> the clients. I do not have to trust any of the keyservers.
> 
> The validating key server proxies claim validity of the UIDs (to a
> certain degree). I can see myself marking such a proxy as trusted
> by adding it to my gnupg.conf (or to KMail's configuration). But I
> cannot see myself adding such a proxy to the whitelist that's
> shipped with KMail.
> 
> Another problem I see with whitelist management is revocation in
> case the validation key of a validating proxy is compromised.
> Again, for the CA certificate bundles that's handled by the
> distributors and not by individual application developers.

Let's concentrate on this one, I think this is the real tough task:
establishing a trust chain from the validating servers to the client.

There's one root certificate, signing the individual proxy certificates.

Each individual proxy has a certificate it is using for creating the
validating signatures.

Each client only needs to have the root certificate built in. If it
encounters a validation proxy's certificate, it will download it.

If a proxy certificate is known compromised, the signature from the
root certificate is revoked.

If the root certificate is compromised (and revoked), the scheme will
require new client versions with a new root certificate built in.

The client itself must refresh the root certificate and all downloaded
proxy certificates regularly.

This all requires a very small group of maintainers for the root
certificate (2 or 3 people), issuing and revoking signatures for
proxy certificates.

The client authors will need to have a trust chain to at least one
root certificate maintainer. This is also true for the proxy maintainers.

This is my view of the problem :-)

Ludwig


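Added example, not part of the original message or of any GnuPG code: a sketch of the client-side checks the scheme above implies (built-in root, root-certified proxy, revocation, regular refresh). Textbook RSA over fixed primes stands in for OpenPGP signatures and is not secure; the proxy name, the UID, the refresh interval and all function names are assumptions.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent of the toy RSA stand-in (NOT OpenPGP, NOT secure)

def keygen(p, q):
    """Return (public modulus n, private exponent d) from two primes."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _h(msg, n):
    return int.from_bytes(hashlib.sha512(msg).digest(), "big") % n

def sign(msg, n, d):
    return pow(_h(msg, n), d, n)

def verify(msg, sig, n):
    return pow(sig, E, n) == _h(msg, n)

@dataclass
class ProxyCert:
    name: str          # hypothetical proxy identifier
    n: int             # proxy public key
    root_sig: int      # root's certification over name and key
    fetched_at: int    # when the client last refreshed this certificate

MAX_AGE = 7 * 86400    # assumed refresh interval; the post only says "regularly"

def cert_bytes(name, n):
    return f"{name}|{n}".encode()

def check_validation(uid, uid_sig, cert, root_n, revoked, root_revoked, now):
    """Client-side decision for one validating signature on a UID."""
    if root_revoked:
        return "reject: root revoked, new client version needed"
    if now - cert.fetched_at > MAX_AGE:
        return "reject: proxy certificate stale, refresh first"
    if cert.name in revoked:
        return "reject: root revoked its signature on this proxy"
    if not verify(cert_bytes(cert.name, cert.n), cert.root_sig, root_n):
        return "reject: proxy not certified by built-in root"
    if not verify(uid.encode(), uid_sig, cert.n):
        return "reject: validating signature does not verify"
    return "accept"

# Constructed sample data: Mersenne primes keep the toy keys reproducible.
ROOT_N, ROOT_D = keygen(2**107 - 1, 2**127 - 1)
PROXY_N, PROXY_D = keygen(2**61 - 1, 2**89 - 1)
CERT = ProxyCert("proxy-a.example", PROXY_N,
                 sign(cert_bytes("proxy-a.example", PROXY_N), ROOT_N, ROOT_D), 1000)
UID = "Alice <alice@example.org>"
UID_SIG = sign(UID.encode(), PROXY_N, PROXY_D)
```

The order of checks matters: root and proxy revocation are evaluated before any signature is trusted, so a compromised proxy key cannot vouch for itself.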



More information about the Gnupg-users mailing list