At Wed, 29 Jul 2015 01:03:53 +0100, MFPA wrote: > On Tuesday 28 July 2015 at 11:46:10 PM, in > <mid:87vbd3nbnx.wl-n...@walfield.org>, Neal H. Walfield wrote: > > At Tue, 28 Jul 2015 19:22:29 +0100, MFPA wrote: > >> It also eliminates any attempt to to establish a link > >> between the key and the email address in the UID. > > > I'm not so sure. Recall that we are not attempting to > > protect against attacks by nation states. As such, > > performing a week of computation each year is going to > > be too much to maintain for those who upload fake keys. > > And too much for people with multiple email addresses.
It doesn't have to be per-email address. It is sufficient to attach it to the primary key. > This still seems less rigorous to me than having to receive an email > sent to that address and decrypt it with that key. I guess it's a case > of swings and roundabouts. Well, I don't like the CA model and that's what Nico is basically proposing (with less rigorous checks). Another huge disadvantage is that user's have to actively participate by replying to emails / visiting a link. Using PoW, no human intervention is required and there is no central authority. PoW relies on the assumption that conducting an attack is too expensive to do / maintain. :) Neal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users