Proposal of OpenPGP Email Validation

Neal H. Walfield neal at
Wed Jul 29 00:46:10 CEST 2015

At Tue, 28 Jul 2015 19:22:29 +0100,
MFPA wrote:
> On Tuesday 28 July 2015 at 8:22:23 AM, in
> <mid:87y4i0n3v4.wl-neal at>, Neal H. Walfield wrote:
> > Did you consider user a proof-of-work scheme?  For
> > instance, the user does a 1 week PoW, signs the result
> > and attackes it to the key.  These would be refreshed
> > about once a year.
> Would this one-week PoW pause when the user shuts down and continue
> when they boot it up? There are plenty of email users who do not leave
> their computer running all the time.

Of course.  A simple proof of work scheme is to find a hash that
starts with X zeros.  This requires 2^X steps.  In our case, the
prefix of the text would be the primary public key.

> > This eliminates the verification servers and the
> > problems associated with them (namely, people need to
> > trust them and there can't be too many of them).
> It also eliminates any attempt to to establish a link between the key
> and the email address in the UID.

I'm not so sure.  Recall that we are not attempting to protect against
attacks by nation states.  As such, performing a week of computation
each year is going to be too much to maintain for those who upload
fake keys.  Moreover, this will automatically purge old keys (or at
least rank them very low in search results).  In other words, only
people who actually use a given key will bother performing the work.

> > gpg (or the email clients) don't need to know about
> > special verification keys / signatures.  They just
> > check the proof of work and sort the returned keys
> > appropriately.
> Instead of one special signature notation type, we have another that
> will be much larger?

What do you mean?  A PoW is just a few dozen bytes large...


More information about the Gnupg-users mailing list