Proposal of OpenPGP Email Validation

Viktor Dick viktordick86 at gmail.com
Thu Jul 30 08:04:28 CEST 2015


On 2015-07-29 18:24, nico at enigmail.net wrote:
> So, could somebody explain in a bit more detail how a PoW approach works?
> 

As far as I understand it, for any key that you have - regardless of
whether you have access to the mail address in the uid - you can add
some signature where anyone with the public key can quickly check that
the person that possesses the private key has spent a specific amount of
computing power (e.g., 1 week with an average PC) to create this
signature. It is hard to create the signature (impossible without the
private key, a lot of computing power with it) but easy to check.
Essentially, you create the possibility to make a key 'premium' by
spending this time and hope that trolls who flood the keyservers with
fake keys will be deterred by the costs. Anyone who does not have any
problem with trolls can of course still upload a non-premium key.

I myself find the idea not so appealing. I would not like it if after
creating a key my machine had high CPU load for a couple of weeks. And I
doubt that many trolls will be deterred by it - the number of fake keys
per time interval will go down, but since they are anyhow going out of
their way to create problems for others without any gain for themselves,
I think a significant portion will still do it even if it costs more.

I rather like the idea of servers that offer to sign your key (or rather
a specific UID) and send it to your email, encrypted to you. For the
user this just means that if he has the problem of trolls using his
address he has to send his key to such a server or upload it in a
web interface, then receive the mail, decrypt it and import the contained
signatures to his key, and optionally upload his new key to a keyserver
- with Enigmail, for example, everything done within a few clicks.
Anyone who looks for a key to a specific mail address on a keyserver
will probably, when faced with multiple results, take the one that has
most signatures (and isn't expired) - especially if some of the
signatures are from email-verification-sounding hostnames. Therefore,
there is no necessity to create a whitelist of servers (but it can be
done, if a user decides to trust signatures of a specific server) and it
is still decentralized - anyone can set up such a verification server.
Of course with a lot of effort, a troll could still try to create a
complete fake network and cross-sign different keys. But here the amount
of work to be done for a troll is much bigger than that for a genuine
user, so hopefully it will not be a problem. It would also be possible
to check for known services if the signature is actually theirs (by
checking the key with that on the homepage or something like that), but
of course it should have been possible to do that with the original
recipient already...

These signatures should expire after a year or so, so keys where the
owner no longer has access to the private key will lose these signatures
after a while. I myself have two older keys from early experiments
(where I did not specify an expiry date) uploaded to the keyserver
network, but I guess anyone who looks me up will take my current key,
because it has many more subkeys (which I now change every year) and
also some signatures.

Now that I think about it - if I search for the original author of the
c't article (ju at ct.de), who complained about getting mails that were
encrypted to some fake key, I would assume that the keys 38EA4970 and
E1374764 are both genuine, because they both have not only selfsigs.
BTW, they are both signed by different keys with the UID
'pgpCA at ct.heise.de', so they already have a similar service in place -
of course I had to do a web search to find if these keys are genuine,
which should probably be easier. I guess ideally the UID would contain a
weblink to a page that has the fingerprint and describes the service
shortly.

Regards,
Viktor
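
The key-selection heuristic described in the message above, as an added example that is not part of the original post: it compares "take the unexpired key with the most signatures" against counting only signatures from verification servers the user has chosen to trust. All key IDs, dates and the `Sig`/`Key` structures are constructed for illustration, and the signatures are assumed to have been cryptographically verified already.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Sig:
    signer: str               # key ID of the certifying key
    expires: Optional[date]   # None: signature never expires

@dataclass
class Key:
    keyid: str
    expires: Optional[date]   # None: key never expires
    sigs: list = field(default_factory=list)

def live(expires, today):
    return expires is None or expires > today

def signers(key, today):
    """Distinct signers of unexpired signatures, self-signatures excluded."""
    return {s.signer for s in key.sigs
            if s.signer != key.keyid and live(s.expires, today)}

def pick_naive(keys, today):
    """Unexpired key with the most third-party signatures."""
    usable = [k for k in keys if live(k.expires, today)]
    return max(usable, key=lambda k: len(signers(k, today)), default=None)

def pick_trusted(keys, today, trusted):
    """Count only signatures from signers in the user's trusted set."""
    scored = [(len(signers(k, today) & trusted), k)
              for k in keys if live(k.expires, today)]
    scored = [(n, k) for n, k in scored if n > 0]
    return max(scored, key=lambda p: p[0])[1] if scored else None

TODAY = date(2015, 7, 30)
# Constructed keyserver results for one mail address (hypothetical key IDs).
RESULTS = [
    Key("GENUINE1", date(2016, 7, 1), [Sig("GENUINE1", None),
        Sig("VERIFY01", date(2016, 1, 1)), Sig("FRIEND01", None)]),
    # Old key without expiry date: its verification signature has lapsed.
    Key("OLDKEY01", None, [Sig("OLDKEY01", None),
        Sig("VERIFY01", date(2014, 1, 1))]),
    # Key certified only by other keys from the same cross-signing group.
    Key("FAKE0001", None, [Sig("FAKE0001", None), Sig("FAKE0002", None),
        Sig("FAKE0003", None), Sig("FAKE0004", None)]),
]
```

A raw signature count can be outvoted by cross-signed keys, while the trusted-set count ignores them and also drops the old key once its verification signature has expired.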
