Proposal of OpenPGP Email Validation

Werner Koch wk at
Thu Jul 30 13:04:29 CEST 2015

On Wed, 29 Jul 2015 17:49, patrick at said:

> The whole point of this exercise is to verify that the key and the email
> address(es) belong _together_. I don't see how PoW could do this, or I
> didn't understand it well enough.

The idea with a regular PoW is that an attacker (well, script kiddie)
would look for a lower hanfing fruit than to create a faked key.  The
PoW is expensive and thus the expectaion is that it would at best only
done for the first interval but not a second time

My points against PoW are:

 - PoW is not green computing so it should only be done in rare cases.

 - Users with low end devices are discriminated.

 - With all that surplus Bitcoin mining rig we would soon see a lot of
   faked keys just for the fun of it - or as a service.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the Gnupg-users mailing list