Proposal of OpenPGP Email Validation

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Wed Jul 29 14:47:35 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 07/29/2015 02:41 PM, MFPA wrote:
> Hi
> 
> 
> On Wednesday 29 July 2015 at 11:05:13 AM, in 
> <mid:1713361.R4RmYyGI3m at collossus.ingo-kloecker.de>, Ingo Klöcker 
> wrote:
> 
> 
>> A possible benefit would be that the user can choose not to
>> upload the validation signatures to the keyservers. With a minor
>> change in step 1 (the key owner uploads his key to the validation
>> server without uploading it to a keyserver) the UID validation
>> would even work for keys which its owner does not want to upload
>> to a public keyserver.
> 
> That would be good: mail clients that applied a rule to only use 
> validated keys would otherwise deny service when emailing somebody
> who is trying to keep their key off the keyservers.

Are they really the target group for this proposal? Keep in mind this
would be in addition to the regular WoT model, so there is no DoS
based on that, per se (obviously you should never encrypt data to a
key that isn't verified on some level, even if just a heuristic
analysis based on public data and a local non-exportable signature).

If the key isn't on keyserver it defeats some of the purpose of this
being an easy to use for senders (while still providing _some_ level
of security).

- -- 
- ----------------------------
Kristian Fiskerstrand
Blog: http://blog.sumptuouscapital.com
Twitter: @krifisk
- ----------------------------
Public OpenPGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
- ----------------------------
"A committee is a group that keeps minutes and loses hours."
(Milton Berle)
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCgAGBQJVuMtjAAoJECULev7WN52F0C8H/1LMy2GnsLr6WRAcPj9jMAvS
IwpL+oe5cTdTtpdIcs7s5PhRXwQsbmGdlVaPllsbFn4mAOJ2x7eD7fe/hIHkIPGX
+ocZk6h9GlgK6wadNp5mbJ9egxYVVnV84+64S07GAx6IQ9NpOOa+BEa4VDL0UcI/
uLx1LO/9Fkj/gg5IM9YrM3ToLhcotMfen/wQE5dAQ5Zcb2BcDWAGw9mCTzs+a4LY
06w0Q5cRuQDUTcrmrGs5Y23BIRjtijPqEvamWhGynokeR1dmG1axbBAWgRzZAsQl
XPoDYLaldAXqPPqLUoNN/IBtJ+7c8MUVlkYTccIzTkYnsqFfGZimEo1mx1DmiNQ=
=0Gtq
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list