Proposal of OpenPGP Email Validation
2014-667rhzu3dc-lists-groups at riseup.net
Wed Jul 29 15:41:07 CEST 2015
-----BEGIN PGP SIGNED MESSAGE-----
On Wednesday 29 July 2015 at 1:07:21 PM, in
<mid:87twsnmakm.wl-neal at walfield.org>, Neal H. Walfield wrote:
> It doesn't have to be per-email address. It is
> sufficient to attach it to the primary key.
Fair enough if it is just to signify the key is in current usage. But
I think it does have to be per-email address if the point is to
address the same issue as Nico's scheme.
The key announcements in Mike Ingle's Confidant Mail include a Proof
of Work, and I think they are done every few days. If you stop
using the key, it stops being announced and over time disappears from
the DHT. But the keys there do not have multiple addresses. (They
don't really even *need* an address, the fingerprint will suffice.)
> Well, I don't like the CA model and that's what Nico is
> basically proposing (with less rigorous checks).
> Another huge disadvantage is that user's have to
> actively participate by replying to emails / visiting a
Yes, PoW has none of that.
If you went for a per-UID PoW and a common validation signature
notation with Nico's scheme ("type": "ProofOfWork" instead of
"enc-email"), the schemes could operate together as compatible
MFPA <mailto:2014-667rhzu3dc-lists-groups at riseup.net>
Working hard. Please interrupt at once.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
More information about the Gnupg-users