Proposal of OpenPGP Email Validation

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Wed Jul 29 15:41:07 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Wednesday 29 July 2015 at 1:07:21 PM, in
<mid:87twsnmakm.wl-neal at walfield.org>, Neal H. Walfield wrote:



> It doesn't have to be per-email address.  It is
> sufficient to attach it to the primary key.

Fair enough if it is just to signify the key is in current usage. But
I think it does have to be per-email address if the point is to
address the same issue as Nico's scheme.

The key announcements in Mike Ingle's Confidant Mail include a Proof
of Work, and I think they are done every few days. If you stop
using the key, it stops being announced and over time disappears from
the DHT. But the keys there do not have multiple addresses. (They
don't really even *need* an address, the fingerprint will suffice.)
<https://confidantmail.org/download/spec.pdf>



> Well, I don't like the CA model and that's what Nico is
> basically proposing (with less rigorous checks).
> Another huge disadvantage is that user's have to
> actively participate by replying to emails / visiting a
> link.

Yes, PoW has none of that.

If you went for a per-UID PoW and a common validation signature
notation with Nico's scheme ("type": "ProofOfWork" instead of
"enc-email"), the schemes could operate together as compatible
alternatives.


- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

Working hard. Please interrupt at once.
-----BEGIN PGP SIGNATURE-----

iQF8BAEBCgBmBQJVuNf/XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRCM0FFN0VDQTlBOEM4QjMwMjZBNUEwRjU2
QjdDNzRDRUIzMUYyNUYwAAoJEGt8dM6zHyXwcdAIAJ5TDVjiz2DdRDW9Iq8k9B2q
cBlSqWRrje2thrwhWHM4GsN4rJsst3aBGOpaZLLWwo0KK9BP88B68ahej38+OHb1
l+OU55OVlmQ87/Op5vsmKlr9yuXM/uYrYJO1mCOzr4KGoq2eptfcIBH7ZakcZDQq
GVZHN8AZRPfa1Gm5l90IqRMrkSkY/D9boWhjKhIAlHWdRLV92V8TdGex1Mg7bTOD
BboAnUkWi0uYbHy8ISrYxTOrM+wou0TV7eOdTrTrVtkV9cth+hai/XARNvdmfBrj
BJZKvLByGd1Hp+bUUYDz95U/oCcRieZEoLOEDlhqbWzMLiomUUUKretDz3scz++I
vgQBFgoAZgUCVbjYBl8UgAAAAAAuAChpc3N1ZXItZnByQG5vdGF0aW9ucy5vcGVu
cGdwLmZpZnRoaG9yc2VtYW4ubmV0MzNBQ0VENEVFOTEzNEVFQkRFNkE4NTA2MTcx
MkJDNDYxQUY3NzhFNAAKCRAXErxGGvd45AJZAP9104lD12MmcWKsxQug4R86eekA
VQMFRSAMAK6dsyElhwD7B2IyijCYyv8SZqZrMXiinXKU8RBh+ZPfhP4F1tBIhwc=
=wVtr
-----END PGP SIGNATURE-----




More information about the Gnupg-users mailing list