Proposal of OpenPGP Email Validation
Werner Koch
wk at gnupg.org
Thu Jul 30 13:04:29 CEST 2015
On Wed, 29 Jul 2015 17:49, patrick at enigmail.net said:
> The whole point of this exercise is to verify that the key and the email
> address(es) belong _together_. I don't see how PoW could do this, or I
> didn't understand it well enough.
The idea with a regular PoW is that an attacker (well, script kiddie)
would look for a lower hanfing fruit than to create a faked key. The
PoW is expensive and thus the expectaion is that it would at best only
done for the first interval but not a second time
My points against PoW are:
- PoW is not green computing so it should only be done in rare cases.
- Users with low end devices are discriminated.
- With all that surplus Bitcoin mining rig we would soon see a lot of
faked keys just for the fun of it - or as a service.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list