Using signing in a group environment

Janusz A. Urbanowicz alex@FUCKUP.fantastyka.net
Fri May 18 20:22:02 2001



> On Wed, 16 May 2001, Brian Rectanus wrote:
> > I would like to create a secret key for our group here at work so that
> > we can send out signed email. What would be the best way of doing this
> > so that when a group member leaves, they would not be able to continue
> > to send signed email?
>
> Well, unless there is some compelling reason to share a single key, the
> *best* way is to give each member a separate key. If a member leaves, he
> can continue to send signed email, but since you know it is from a
> nonmember (the signature *proves* that) you can ignore it. If this is not
> sufficient, explaining your need more thoroughly may elicit a better
> answer.
BTW OpenPGP standard defines possibility of shared keys but nothing about the implementation. Alex