Proposal of OpenPGP Email Validation

MFPA 2014-667rhzu3dc-lists-groups at riseup.net
Thu Jul 30 14:21:21 CEST 2015


Hi


On Thursday 30 July 2015 at 7:04:28 AM, in
<mid:55B9BE6C.1050900 at gmail.com>, Viktor Dick wrote:


> On 2015-07-29 18:24, nico at enigmail.net wrote:
>> So, could somebody explain in a bit more detail how a PoW approach works?

> As far as I understand it, for any key that you have -
> regardless whether you have access to the mail address
> in the uid - you can add some signature where anyone
> with the public key can quickly check that the person
> that possesses the private key has spent a specific
> amount of computing power (e.g., 1 week with an average
> PC) to create this signature. It is hard to create the
> signature (impossible without the private key, a lot of
> computing power with it) but easy to check.

That's my understanding, too. 




> Essentially, you create the possibility to make a key
> 'premium' by spending this time and hope that trolls
> who flood the keyservers with fake keys will be
> deterred by the costs. 

You can hope so, but is it reasonable to expect? 



> Anyone who does not have any
> problem with trolls can of course still upload a
> non-premium key.

And anybody who doesn't trust Proof of Work as a validation could 
trust only encrypted-mail validations. It would be simple, as PoW 
validation signatures would be self-certs whereas enc-mail validation 
certs would come from a validation server's key.



> I myself find the idea not so appealing. I would not
> like it if after creating a key my machine had high CPU
> load for a couple of weeks. And I doubt that many
> trolls will be deterred by it - the number of fake keys
> per time interval will go down, but since they are
> anyhow going out of their way to create problems for
> others without any gain for themselves, I think a
> significant portion will still do it even if it costs
> more.

I think a week of computing for the PoW is excessive. But if the
troll's CPU time is on a botnet, they won't care about the cost or
about slowing down their machine for a week.



> I rather like the idea of servers that offer to sign
> your key (or rather a specific UID) and send it to your
> email, encrypted to you. For the user this just means
> that if he has the problem of trolls using his address
> he has to send his key to such a server or upload it in
> a web interface, then receive the mail, decrypt it and
> import the contained signatures to his key, and
> optionally upload his new key to a keyserver - with
> Enigmail, for example, everything done within a few
> clicks. 

I prefer this method rather than clicking a link in an email. But 
people are used to that scenario from website registrations, as long 
as the email arrives within a couple of minutes of them registering on 
the website.



> Anyone who looks for a key to a specific mail
> address on a keyserver will probably, when faced with
> multiple results, take the one that has most signatures
> (and isn't expired) - especially if some of the
> signatures are from email-verification-sounding
> hostnames. 

Surely, all signatures from keys that you do not already trust are
just ambient noise.



> Therefore, there is no necessity to create a
> whitelist of servers (but it can be done, if a user
> decides to trust signatures of a specific server) and
> it is still decentralized - anyone can set up such a
> verification server. 

If it can be done without Big Brother creating a whitelist, it should 
be.



> Of course with a lot of effort, a
> troll could still try to create a complete fake network
> and cross-sign different keys. But here the amount of
> work to be done for a troll is much bigger than that
> for a genuine user, so hopefully it will not be a
> problem. 

I imagine it would not be much of a problem for a troll to automate 
most of the work. But unless they compromise some keys from genuine 
validators, it's all in vain if people bother to check signatures.

Hold on, the magazine writer's problem is that people encrypt his 
emails to the wrong key because they do not bother to check 
signatures. 



-- 
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at riseup.net>

A closed mouth gathers no foot
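The "hard to create, easy to check" property discussed in this thread, as an added example that is not part of the original message or of any proposal on the list. It assumes a hashcash-style stamp over SHA-256 with a constructed fingerprint and UID; the field layout and all function names are hypothetical, and the binding to the private key (which would come from carrying the stamp inside a self-signature) is not modelled.

```python
import hashlib
from itertools import count

def leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits

def stamp_digest(fingerprint: str, uid: str, nonce: int) -> bytes:
    # Length-prefix each field so distinct (fingerprint, uid) pairs
    # can never produce the same byte string by concatenation.
    parts = (fingerprint.encode(), uid.encode(), str(nonce).encode())
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hashlib.sha256(msg).digest()

def mint(fingerprint: str, uid: str, bits: int):
    """Expensive side: about 2**bits hashes on average. Returns (nonce, attempts)."""
    for nonce in count():
        if leading_zero_bits(stamp_digest(fingerprint, uid, nonce)) >= bits:
            return nonce, nonce + 1

def verify(fingerprint: str, uid: str, nonce: int, bits: int) -> bool:
    """Cheap side: exactly one hash, whatever the difficulty."""
    return leading_zero_bits(stamp_digest(fingerprint, uid, nonce)) >= bits

def wall_clock_seconds(bits: int, hashes_per_second: float, machines: int = 1) -> float:
    """Expected minting time. The nonce search splits evenly across machines,
    so the stamp measures total hashes spent, not elapsed time on one PC."""
    return (2 ** bits) / (hashes_per_second * machines)

if __name__ == "__main__":
    FPR = "0123456789ABCDEF0123456789ABCDEF01234567"  # constructed fingerprint
    UID = "Alice Example <alice@example.org>"          # constructed UID
    nonce, attempts = mint(FPR, UID, 16)
    print(f"minted nonce {nonce} after {attempts} hashes; verify costs 1 hash")
    print("valid:", verify(FPR, UID, nonce, 16))
    # Same difficulty, one machine versus a thousand (assumed 1e6 hashes/s each)
    for machines in (1, 1000):
        secs = wall_clock_seconds(40, 1e6, machines)
        print(f"40 bits on {machines} machine(s): {secs / 86400:.2f} days")
```

The last loop puts numbers on the botnet remark above: difficulty fixes the total work, and spreading that work over many machines shrinks the wall-clock cost proportionally.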




More information about the Gnupg-users mailing list