Proposal of OpenPGP Email Validation

MFPA 2014-667rhzu3dc-lists-groups at
Fri Jul 31 13:13:34 CEST 2015

Hash: SHA512


On Friday 31 July 2015 at 6:43:29 AM, in
<mid:55BB0B01.4020907 at>, Viktor Dick wrote:

> On 31.07.2015 01:11, MFPA wrote:
>> Only if you download the key from the GPGTools website and find the
>> key-id first. (If the GPGTools team shows their key ID or Fingerprint
>  on their website, I failed to find it.)
> On the front page they have 'to verify the signature, please download
> and import our <updated key>' right below the download button. There is
> no fingerprint, but the whole key is there.
> But I was talking about the fact that of the six results, one has
> hundreds of signatures.

OK, you can go to a keyserver's web interface and see there are lots
of signatures there. But you cannot see that when searching the
keyserver using GnuPG, quite rightly since any signature you have not
(yet) been able to check and establish you trust it is just background

> Sure, in the web of trust concept this doesn't
> mean anything unless there is a (short) trust chain from me to one of
> these, but in practice this still significantly rises the chance that it
> is the correct key

Anybody of that opinion could be easily fooled by creating a few dozen
"fake" keys and signing one with the rest.

>> My output from searching a keyserver for
>> "":-
> 'gpg --search-keys' does not seem to give a list of signatures (which
> explains why enigmail also doesn't), I was searching using a web
> interface. I guess this is because it is assumed that signatures do not
> mean anything without a trust chain.

It's a fact, not just an assumption.

> But if I had to bet money on one of
> the keys, I would still take the one with hundreds of signatures.

How much would you pay for somebody to create a few dozen "fake" keys
and sign one with the rest?

>> However, what would be different if one of the keys
>> found happened to carry one of your proposed email
>> address validation signatures?
> If I could quickly check (or rather, my client could do that
> automatically) that the signature is also found on their web page, I can
> assume that either the web page is fake (which is unlikely for something
> known like, it has been hacked (unlikely for a random troll) or
> someone intercepted either my HTTP request or the original verification
> e-mail (possible with a secret service, unlikely with a troll).
> Therefore, it will raise my estimated probability that the owner of the
> key also has access to the mailbox, which will pretty surely now be much
> higher than for any fake key.

I guess your mail client would have to automatically check what is at
a URL given in a (self-)certification. Is that not an attack vector in

And wouldn't you have to download all the keys offered and check the
signatures in order to find the URLs to follow (or, indeed, the email
validation certificate notations)?

> The advantage with respect to the proof of work concept is that the
> procedure is asymmetric: it costs much more to troll than to verify a
> genuine key.

Could the troll not reduce the cost by using something optimised for
the task, like a Bitcoin mining box as Werner mentioned? Or farm the
cost out by using a botnet to perform the PoWs?

- --
Best regards

MFPA                  <mailto:2014-667rhzu3dc-lists-groups at>

Hard work never killed anyone, but why take a risk?


More information about the Gnupg-users mailing list