Hi, I guess you mean this:
The idea I have in mind is roughly as follows: if you upload a key to a keyserver, the keyserver would send an encrypted email to every UID in the key. Each encrypted mail contains a unique link to confirm the email address. Once all email addresses are confirmed, the key is validated and the keyserver will allow access to it just like with any regular keyserver. This approach is not going to stop a nation state. A nation state can intercept the mail, decrypt it and follow the link. For the same reason, it is not going to stop a user's ISP. Given Microsoft's et al.'s willingness to cooperate with the NSA, these are not very good starting conditions. The approach also has another problem: which key servers are going to do this? There are 100s of key servers. I'm not going to reply to mails from each one, sorry. This also seems like a nice way to spam someone. Generate a key, upload it to a key server and they have a bunch of mails from the key server. Based on this, I suspect that it won't take long for the key servers to be blacklisted? Have you considered these issues? Do you have any thoughts about how to avoid these problems or do you think they are not real problems? Regarding the design: personally, I wouldn't have the user follow a link that includes a swiss number, but have the user reply to the mail, include the swiss number and sign it. I'd also consider having the key servers publish the validations. If you chain the validations (include the hash of the previous validation in the current validation) you can detect if the key servers serve a fake key to a specific user. Neal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users