Proposal of OpenPGP Email Validation
mlisten at hammernoch.net
Tue Jul 28 22:06:03 CEST 2015
On 28.07.15 16:46, Ingo Klöcker wrote:
> On Monday 27 July 2015 21:05:26 Ludwig Hügelschäfer wrote:
>> Hi Ingo,
>> On 27.07.15 16:31, Ingo Klöcker wrote:
>> Why should there not be a similar community approach for setting
>> up a (smaller) network of validating key server proxies?
> Well, the keyservers do not make any claims with regard to the
> authenticity or the integrity of the keys. Those checks are left to
> the clients. I do not have to trust any of the keyservers.
> The validating key server proxies claim validity of the UIDs (to a
> certain degree). I can see myself marking such a proxy as trusted
> by adding it to my gnupg.conf (or to KMail's configuration). But I
> cannot see myself adding such a proxy to the whitelist that's
> shipped with KMail.
> Another problem I see with whitelist management is revocation in
> case the validation key of a validating proxy is compromised.
> Again, for the CA certificate bundles that's handled by the
> distributors and not by individual application developers.
Let's concentrate on this one, I think this is the real tough task:
establishing a trust chain from the validating servers to the client.
There's one root certificate, signing the individual proxy certificates.
Each individual proxy has a certificate it is using for creating the
Each client only needs to have the root certificate builtin. If it
encounters a validation proxy's certificate, it will download it.
If a proxy certificate is known compromised, the signature from the
root certificate is revoked.
If the root certificate is compromised (and revoked), the scheme will
require new client versions with a new root certificate builtin.
The client itself must refresh the root certificate and all downloaded
proxy certificates regularly.
This all requires a very small group of maintainers for the root
certificate (2 or 3 people), issuing and revoking signatures for
The client authors will need to have a trust chain to at least one
root certificate maintainer. This is also true for the proxy maintainers
This is my view of the problem :-)
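
Added example (not part of the original message, and not GnuPG or KMail code): the client-side check implied by the scheme above, in which a client holding only the built-in root key accepts a proxy's validation signature on a UID only if the proxy certificate is fresh, unrevoked and signed by the root. Textbook RSA over fixed primes stands in for OpenPGP signatures so that it runs with the Python standard library alone; every name, the 7-day refresh limit and the shape of the revocation set are assumptions.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by the toy keys

def toy_key(p, q):
    """Textbook RSA from fixed primes; stands in for an OpenPGP key, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (public modulus, private exponent)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

@dataclass
class ProxyCert:
    name: str
    n: int            # proxy public key
    root_sig: int     # root's signature over name and key
    fetched_day: int  # day number of the client's last refresh

    def signed_bytes(self):
        return f"{self.name}|{self.n}".encode()

MAX_AGE_DAYS = 7  # assumed refresh interval; the message only says "regularly"
def check_uid_validation(root_n, revoked, cert, uid, uid_sig, today):
    """Decide whether to accept a proxy's validation signature on a UID."""
    if today - cert.fetched_day > MAX_AGE_DAYS:
        return False, "proxy certificate stale, refresh first"
    if cert.name in revoked:  # root has revoked its signature on this proxy
        return False, "root signature on proxy revoked"
    if not verify(cert.signed_bytes(), cert.root_sig, root_n):
        return False, "proxy certificate not signed by built-in root"
    if not verify(uid.encode(), uid_sig, cert.n):
        return False, "validation signature does not match proxy key"
    return True, "ok"

# Constructed sample data: one root, one proxy, one validated UID.
ROOT_N, ROOT_D = toy_key(2**89 - 1, 2**107 - 1)
PROXY_N, PROXY_D = toy_key(2**61 - 1, 2**127 - 1)
CERT = ProxyCert("proxy-a.example", PROXY_N, 0, fetched_day=100)
CERT.root_sig = sign(CERT.signed_bytes(), ROOT_N, ROOT_D)
UID = "Alice <alice@example.org>"
UID_SIG = sign(UID.encode(), PROXY_N, PROXY_D)
print(check_uid_validation(ROOT_N, set(), CERT, UID, UID_SIG, today=103))
```

In a real deployment the revocation set would itself have to arrive authenticated by the root key during the regular refresh, which this example takes as given.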