Key Verification Policy
The PGP Global Directory is a verified directory of PGP keys. Unlike earlier keyservers, which accepted and stored PGP keys indiscriminately, the PGP Global Directory allows users to manage their keys in the directory, even if they have lost the private component of the stored key.
Because the PGP Global Directory must let users manage keys whose private component they have lost, it cannot require cryptographic proof of possession (for example, a challenge signed with the key) to verify a submission. Instead, like mailing list servers and other public Internet services, the PGP Global Directory verifies a key by sending a verification email to each email address specified on the key and requiring a response. It also requires periodic re-confirmation of each advertised email address by soliciting a response to a re-verification email.
Because the purported keyholder proves control of a mailbox rather than possession of a private key, the verification of keys carries risks. These include:
- It is possible that a user might improperly respond to a verification request for a key that they do not own, or for which they have lost their private key.
- An attacker who has compromised a user's email account can answer the verification email, and so can place a key of their own in the directory under that user's address and impersonate the user, complete with signed and encrypted email. Alternatively, the same attacker could remove the user's legitimate key from the directory, so that correspondents who rely on the directory send email to that user unencrypted.
- A suitably positioned attacker (for example, someone with physical access to the relevant Internet Service Provider's routers, or an administrator of the mail server hosting the user's account) could intercept the verification emails and respond to them without compromising the user's email account at all.
Consequently, there is always a risk that a verified key in the PGP Global Directory is not actually owned by the person who appears to own it. While the verification mechanisms in the directory are suitable for many purposes, you should use additional mechanisms, such as confirming the key's fingerprint verbally with the other party, to verify that you are exchanging messages with the right person using the right key. The PGP Global Directory is not a replacement for the PGP Web of Trust, but an additional mechanism that provides a global foundation for the PGP Web of Trust and enables opportunistic secure communications.
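To make the policy above concrete, the following simulation is an added example written for this page; it is not code from the PGP Global Directory. It models the email-based verification flow, the periodic re-verification, and the mailbox-compromise risks in the list: the directory structure, the 180-day re-verification window, the token format, and the addresses and fingerprints are all assumptions, since the page does not describe the real implementation.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Optional

REVERIFY_AFTER = 180 * 24 * 3600  # assumed window; the page does not state the real period


@dataclass
class Entry:
    fingerprint: str
    email: str
    verified_at: Optional[float] = None  # None while a verification email is unanswered
    token: Optional[str] = None          # outstanding emailed token, if any
    action: Optional[str] = None         # "verify" or "remove"


def latest_token(inbox, action, fingerprint):
    """Read the newest matching token from a mailbox (anyone who can read it can do this)."""
    for act, fpr, tok in reversed(inbox):
        if act == action and fpr == fingerprint:
            return tok
    raise LookupError("no such message")


class Directory:
    """Assumed simplified model of the email-based verification policy."""
    def __init__(self, now=time.time):
        self.now = now
        self.entries = {}  # (email, fingerprint) -> Entry
        self.inboxes = {}  # address -> list of (action, fingerprint, token); stands in for SMTP

    def _challenge(self, e, action):
        e.action, e.token = action, secrets.token_urlsafe(16)
        self.inboxes.setdefault(e.email, []).append((action, e.fingerprint, e.token))

    def submit(self, fingerprint, emails):
        """List a key under each address on it, pending an emailed token. No signature
        is asked for, since the submitter may have lost the private key."""
        for email in emails:
            e = self.entries[(email, fingerprint)] = Entry(fingerprint, email)
            self._challenge(e, "verify")

    def request_removal(self, email, fingerprint):
        self._challenge(self.entries[(email, fingerprint)], "remove")

    def respond(self, email, fingerprint, token):
        """The whole check: the right token came back for that address."""
        e = self.entries.get((email, fingerprint))
        if e is None or e.token is None or not secrets.compare_digest(e.token, token):
            return False
        if e.action == "remove":
            del self.entries[(email, fingerprint)]
        else:
            e.verified_at, e.token, e.action = self.now(), None, None
        return True

    def reverify_due(self):
        """Periodic re-confirmation: stale entries are hidden and challenged again."""
        for e in self.entries.values():
            if e.verified_at is not None and self.now() - e.verified_at > REVERIFY_AFTER:
                e.verified_at = None
                self._challenge(e, "verify")

    def lookup(self, email):
        """Serve only currently verified keys for an address."""
        return sorted(f for (a, f), e in self.entries.items()
                      if a == email and e.verified_at is not None)


def scenario(clock):
    """Constructed walkthrough of the risks above; `clock` is a one-element list of seconds."""
    d, out, addr = Directory(now=lambda: clock[0]), {}, "alice@example.org"
    inbox = d.inboxes.setdefault(addr, [])  # whoever holds this list "owns" the mailbox

    # Legitimate listing: Alice submits her key and answers the email.
    d.submit("AAAA1111", [addr])
    d.respond(addr, "AAAA1111", latest_token(inbox, "verify", "AAAA1111"))
    out["after_alice"] = d.lookup(addr)

    # Mailbox compromise: guessing the token fails, but whoever reads the
    # mailbox can list their own key under Alice's address...
    d.submit("MALL0RY1", [addr])
    out["guess_rejected"] = not d.respond(addr, "MALL0RY1", "guessed-token")
    d.respond(addr, "MALL0RY1", latest_token(inbox, "verify", "MALL0RY1"))
    out["after_impersonation"] = d.lookup(addr)

    # ...and remove her real key, so correspondents may fall back to cleartext.
    d.request_removal(addr, "AAAA1111")
    d.respond(addr, "AAAA1111", latest_token(inbox, "remove", "AAAA1111"))
    out["after_removal"] = d.lookup(addr)

    # Re-verification: once the window lapses the entry drops out of lookups
    # until the re-verification email is answered, again from the mailbox.
    clock[0] += REVERIFY_AFTER + 1
    d.reverify_due()
    out["after_expiry"] = d.lookup(addr)
    d.respond(addr, "MALL0RY1", latest_token(inbox, "verify", "MALL0RY1"))
    out["after_reverify"] = d.lookup(addr)
    return out
```

Calling `scenario([0.0])` returns a dict of the directory's answer for alice@example.org after each step: only Alice's key at first, both keys once the mailbox holder lists a second one, only the attacker's key after the removal token is answered, nothing once the re-verification window lapses, and the attacker's key again as soon as the re-verification email is answered. The point the model makes is that `respond` never looks at the key, only at the token, so every step the attacker takes is indistinguishable to the directory from the legitimate owner's actions.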
PGP® and the PGP logo are trademarks or registered trademarks of Symantec Corporation in the United States and other countries.