Proposal of OpenPGP Email Validation

nico at nico at
Wed Jul 29 18:24:08 CEST 2015

Am 29.07.2015 um 15:41 schrieb MFPA:
>> Well, I don't like the CA model and that's what Nico is
>> basically proposing (with less rigorous checks).
>> Another huge disadvantage is that user's have to
>> actively participate by replying to emails / visiting a
>> link.
> Yes, PoW has none of that.
> If you went for a per-UID PoW and a common validation signature
> notation with Nico's scheme ("type": "ProofOfWork" instead of
> "enc-email"), the schemes could operate together as compatible
> alternatives.

I am happy to propose other way of validation.
Unfortunately I didn't understand the PoW approach yet.

So, could somebody explain in a bit more detail how a PoW approach works?

In my scenario a user only has to do 2 easy and understandable things:
a) change the keyserver configuration:
   I.e. replace a keyserver by a validating keyserver proxy
b) From time to time process an email asking for
   email confirmation by clicking the appropriate link
IMO, that's easy,
that's something people are used to do
(when they register to other services),
that's rare enough to get accepted..

And it works with each existing email client
(where I can configure the keyserver).

So, how does the PoW approach works in practice?
How does this validate an email?
What has the user to do?
Does it work for each existing email client?

IMO anything more complicated makes acceptance more problematic.
E.g. using two servers (asking for validation at another server
than the keyserver) is IMO for most people simply a show stopper.
Even replying with a signed email IMO instead of
clicking a link sounds more complicated to me.
IMO, we should avoid any step that makes the scenario
more complex than necessary (without a significant win).

But as written, I didn't understand the PoW scenario yet.
may be the effective interaction (based on the UIs of existing
email clients) is not worse.

Sorry that I am not an expert in this area.

Nicolai M. Josuttis
mailto:nico at
PGP fingerprint: CFEA 3B9F 9D8E B52D BD3F 7AF6 1C16 A70A F92D 28F5

More information about the Gnupg-users mailing list