DO's and DON'Ts about using gpg on the internet?

Thu Jan 24 18:45:02 2002


At 06:29 PM 1/24/02 +0100, Dominik Schwald wrote:
> > Q2. The public key ring is best owned by root. Is this true?
>Hmm.. I don't think that's important, cause its a *PUBLIC* Keyring.

What if someone replaces the public keyring with theirs. (the same useid 
but their e-mail address.) Isn't that important?

> > Q3. Where should the userid for the public key be stored and who
> > should own it. ie should it be in a data file owned by root, an
> > intermediate user with no telnet/ssh/ftp access or just in the cgi
> > program owned by user.
>Do you only want to encrypt or do you want to encrypt&sign data?

Just encrypt otherwise I have to have a private key on the server, and if 
someone can get access to the 2 keyrings; lets say owned by root, then its 
mute point signing it because they are in there anyhow.