Using signing in a group environment
Anthony E. Greene
agreene@pobox.com
Wed May 16 23:20:01 2001
On Wed, 16 May 2001 12:55:10 Brian Rectanus wrote:
>I would like to create a secret key for our group here at work so that
>we can send out signed email. What would be the best way of doing this
>so that when a group member leaves, they would not be able to continue
>to send signed email? If a member should leave, would the secret key
>have to be expired or is there a better way? If the signing key was
>expired, how would this affect any older signed messages?
Create the key with a reasonable expiration. When a person who had access
leaves the group, revoke the key and distribute the revocation as well as
you can. Even if some people do not get the revoked copy, the copy they have
will expire soon enough to reduce the risk.
Tony
--
Anthony E. Greene <agreene@pobox.com> <http://www.pobox.com/~agreene/>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Chat: AOL/Yahoo: TonyG05 ICQ: 91183266
Linux. The choice of a GNU Generation. <http://www.linux.org/>
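
The steps from the reply above (create an expiring key, revoke it when a member leaves, distribute the revocation), plus a check of how an older signature verifies afterwards, as an added example that is not part of the original message. It assumes GnuPG 2.2 or later; the user ID, the six-month lifetime and the file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes GnuPG 2.2 or later.
# GROUP_UID, the 6-month lifetime and all file names are hypothetical.
GROUP_UID="Example Group <group@example.org>"
GPG="gpg --batch --quiet --pinentry-mode loopback"

# Create a sign-only group key that expires by itself after six months.
# The empty passphrase only lets the demo run unattended; protect a real key.
make_group_key() {
    $GPG --passphrase '' --quick-generate-key "$GROUP_UID" default sign 6m
}

# Print field $1 of the key's first $2 record in the colon listing format:
# "pub" field 2 = validity (r = revoked, e = expired), field 7 = expiry time,
# "fpr" field 10 = fingerprint.
key_field() {
    $GPG --with-colons --list-keys "$GROUP_UID" |
        awk -F: -v n="$1" -v rec="$2" '$1 == rec { print $n; exit }'
}

# Make a detached signature as the group; writes "$1.sig".
sign_as_group() {
    $GPG --passphrase '' --local-user "$GROUP_UID" --detach-sign "$1"
}

# A member left: apply the revocation certificate GnuPG stored at key creation
# (its armor header is prefixed with ':' to prevent accidental use), then
# export the revoked public key so it can be sent to correspondents.
revoke_group_key() {
    rev="${GNUPGHOME:-$HOME/.gnupg}/openpgp-revocs.d/$(key_field 10 fpr).rev"
    sed 's/^:-----BEGIN/-----BEGIN/' "$rev" | $GPG --import
    $GPG --armor --export "$GROUP_UID" > group-key-revoked.asc
}

# Status keyword gpg reports for a signature: GOODSIG, REVKEYSIG (signature
# checks out but the key is revoked), EXPKEYSIG, BADSIG, ...
sig_status() {
    $GPG --status-fd 1 --verify "$1" "$2" 2>/dev/null |
        awk '$1 == "[GNUPG:]" && $2 ~ /^(GOOD|BAD|ERR|EXP|EXPKEY|REVKEY)SIG$/ { print $2; exit }'
}
```

Recipients only see the REVKEYSIG status once they have imported group-key-revoked.asc; until then their copy of the key stays usable up to its expiration date.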