Proposal of OpenPGP Email Validation

nico at nico at
Wed Jul 29 07:42:34 CEST 2015

On 29.07.2015 at 03:30, MFPA wrote:
> Hi
> On Monday 27 July 2015 at 1:15:57 PM, in
> <mid:874mkpokxu.wl-neal at>, Neal H. Walfield wrote:
>> Regarding the design: personally, I wouldn't have the
>> user follow a link that includes a swiss number, but
>> have the user reply to the mail, include the swiss
>> number and sign it.
> Why not simplify the workflow:-
> 1. key reaches validation server.
> 2. for each UID containing an email address, validation server creates
>    a copy of the key stripped of all other UIDs.
> 3. validation server signs that copy of the key.
> 4. validation server pastes the signed key into an email, encrypts the
>    email to that key, and sends it to the email address in the UID.
> 5. user receives each email, decrypts it, and updates their local copy of
>    their key.
> 6. user uploads key now bearing the validation server's signatures to
>    a keyserver.
What comes into my mind is the following:
- This requires special email clients.
  The benefit of the proposed workflow is that any existing client
  can use it just by switching its keyserver to the validating
  keyserver proxy.
  IMO, that's a huge drawback, because any solution that
  requires email client updates is a lot harder to establish.
- How to deal with existing keys?
  Well probably the same
  (uploading a key for the first time and uploading it
   for updates would run the same workflow), right?

> There is still the same level of assurance that the email address and
> private key are controlled by the same entity. Advantages are:-
> a. Nobody is asked to click links or reply to emails.
Hmm, isn't step 5 kind of that?
In any case some confirmation email handling is required.
If this is done by the email client silently,
this also can be done by the email client in my proposal.
But again this requires supporting clients.

> b. The validation server does not need to manage a "stack" of keys
>    awaiting feedback from the validation emails.
indeed, that's an argument

> c. Changes to the user's key are uploaded to the keyserver by the
>    user, not by the validation server.
Is this a real benefit?


Nicolai M. Josuttis
mailto:nico at
PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5
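
Step 2 of the quoted workflow needs, for each uploaded key, the list of UIDs that carry an email address. The following is an added sketch (not part of either poster's message and not GnuPG code) that derives that list from `gpg --with-colons` output. The sample listing is constructed, the function names are hypothetical, and skipping revoked or expired UIDs is an assumption, not something the thread specifies.

```python
import re

# Constructed sample of `gpg --with-colons --list-keys` output (not a real key).
SAMPLE = r"""
pub:u:4096:1:1111222233334444:1438000000:::u:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:u::::1438000000::0000000000000000000000000000000000000001::Alice Example <alice@example.org>::::::::::0:
uid:u::::1438000000::0000000000000000000000000000000000000002::Alice (work\x3a sales) <alice@corp.example>::::::::::0:
uid:r::::1438000000::0000000000000000000000000000000000000003::Alice Old <old@example.org>::::::::::0:
uid:u::::1438000000::0000000000000000000000000000000000000004::Alice Example::::::::::0:
sub:u:4096:1:5555666677778888:1438000000::::::e::::::23:
fpr:::::::::9999000099990000999900009999000055556666:
"""

# Address in angle brackets at the end of the user ID.
ADDR = re.compile(r"<([^<>@\s]+@[^<>@\s]+)>\s*$")


def unescape(field):
    """Undo gpg's C-style quoting in colon listings (':' appears as \\x3a)."""
    return re.sub(r"\\x([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), field)


def validation_plan(listing):
    """Return (primary_fingerprint, [(uid, email), ...]).

    Each tuple is one UID for which the server would build a stripped,
    signed copy of the key and mail it, encrypted, to that address.
    """
    fpr, last_key, plan = None, None, []
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub"):
            last_key = f[0]
        elif f[0] == "fpr" and last_key == "pub" and fpr is None:
            fpr = f[9]                  # field 10: fingerprint of the primary key
        elif f[0] == "uid":
            if f[1] in ("r", "e"):      # assumption: no mail for revoked/expired UIDs
                continue
            uid = unescape(f[9])        # field 10: user ID string
            m = ADDR.search(uid)
            if m:                       # UIDs without an address are not validated
                plan.append((uid, m.group(1)))
    return fpr, plan


if __name__ == "__main__":
    fingerprint, uids = validation_plan(SAMPLE)
    for uid, email in uids:
        print(fingerprint, "->", email, "for UID", repr(uid))
```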
