Add Closed-loop email authentication on key submission.

Issue #35 wontfix
Peter TheOne
created an issue

I would like the server to validate if the submitter of a key even has access to the email addresses he is submitting a key for.

This would solve the following problems:

(i) Some users don't want their public keys submitted, but someone else does it by accident.

(ii) Someone can submit a fake key for another user's e-mail.

Comments (3)

  1. Kristian Fiskerstrand

    If a user wants this behavior they should use the Symantec / PGP LDAP keyserver. It does not fit in the overall security design of OpenPGP and introduces a number of issues; mainly, it adds a requirement of trustworthiness of servers as opposed to the self-contained, object-based security of OpenPGP keys. How should such validation gossip across the keyserver network? Also, the existence of an email address at the time of addition does not mean that you have access to that email address over time; domains can be expired and subscribed by third parties without this invalidating the keys. Removal of historical keys, in particular revoked keys in this case, would reduce the overall security of the network (DoS on the possibility to download revcerts). An email address is not required as part of the UID, and e.g. package distribution keys frequently do not include such an address.

    The described behavior can be introduced by third parties outside of the keyserver network as automated CA setups (which is what this fundamentally is).

    Keys need to be properly validated by the user before any activity is performed!

  2. Peter TheOne reporter
    How should such validation gossip across the keyserver network?
    

    I get your point. For me this seems to be the biggest hurdle.

    Anyway, thanks for your elaborate answer!
