Suggestion: Corporate keyrings.

Adrian 'Dagurashibanipal' von Bidder
Mon May 13 11:03:02 2002


On Mon, 2002-05-13 at 10:38, Brenno J.S.A.A.F. de Winter wrote:
> > Why not have a corporate key. The admin signs the keys he has verified,
> > the user trusts this corporate key signing key, and so automatically he
> > trusts all keys in the corporation.

> Nope my idea went a little bit further. Also non-corporate users could be
> verified (for instance: Beside that

The meaning of a signature by this corporate key would have to be
defined. If all keys that are to be trusted by members of ACME, Inc. are
signed by the ACME corporate key, then you can do exactly that.
Signature by ACME corporate key == 'this key was verified by our
security admin'

> having a corporate key has some practical problems like passphrases and s=

A trusted keyring needs to have an administrator, too, and so would be
protected by some mechanism that could be equally tricky. I'd argue that
you could protect a single signing key better than a trusted keyring

To conclude: I still don't see what you can do with a trusted keyring
that you can't do with a trusted key and signatures.

-- vbi

I sign e-mail using OpenPGP (rfc2440) compliant software.

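One way to check the rule discussed in this message ("signature by the corporate key means the key was verified by our security admin"), as an added example that is not part of the original post: it reads a listing in the format of `gpg --with-colons --check-sigs` and reports which keys carry a good certification from the corporate key. The key IDs, names and the listing itself are constructed, and `CORP_KEYID` is a hypothetical value.

```python
# Added example: which keys in a keyring carry a good certification from the
# corporate signing key? All key IDs, names and the listing are constructed.
CORP_KEYID = "C0C0C0C0C0C0C0C0"  # hypothetical ACME corporate key ID

# Constructed sample in the format of `gpg --with-colons --check-sigs`.
SAMPLE = """\
pub:-:2048:1:AAAAAAAAAAAAAAA1:1021000000:::-:::scESC:
uid:-::::1021000000::H1::Alice <alice@acme.example>:
sig:!::1:AAAAAAAAAAAAAAA1:1021000000::::Alice <alice@acme.example>:13x:
sig:!::1:C0C0C0C0C0C0C0C0:1021000100::::ACME corporate key:10x:
pub:-:2048:1:BBBBBBBBBBBBBBB2:1021000000:::-:::scESC:
uid:-::::1021000000::H2::Bob <bob@acme.example>:
sig:!::1:BBBBBBBBBBBBBBB2:1021000000::::Bob <bob@acme.example>:13x:
sig:-::1:C0C0C0C0C0C0C0C0:1021000100::::ACME corporate key:10x:
pub:-:2048:1:CCCCCCCCCCCCCCC3:1021000000:::-:::scESC:
uid:-::::1021000000::H3::Carol <carol@partner.example>:
sig:!::1:CCCCCCCCCCCCCCC3:1021000000::::Carol <carol@partner.example>:13x:
sig:!::1:C0C0C0C0C0C0C0C0:1021000100::::ACME corporate key:10x:
pub:-:2048:1:DDDDDDDDDDDDDDD4:1021000000:::-:::scESC:
uid:-::::1021000000::H4::Dave <dave@acme.example>:
sig:!::1:DDDDDDDDDDDDDDD4:1021000000::::Dave <dave@acme.example>:13x:
sig:?::1:EEEEEEEEEEEEEEE5:1021000100::::[User ID not found]:10x:
"""

CERT_CLASSES = ("10", "11", "12", "13")  # OpenPGP certification signature types

def certified_by(listing, signer_keyid):
    """Map key ID -> first user ID for keys with a good certification by signer_keyid."""
    names, verified, current = {}, [], None
    for line in listing.splitlines():
        f = line.split(":") + [""] * 12      # pad so short records index safely
        if f[0] == "pub":
            current = f[4]                   # field 5: key ID of the key being listed
        elif f[0] == "uid" and current:
            names.setdefault(current, f[9])  # field 10: user ID
        elif f[0] == "sig" and current:
            good = f[1].startswith("!")      # field 2: "!" good, "-" bad, "?" no key
            is_cert = f[10][:2] in CERT_CLASSES
            third_party = f[4] != current    # ignore self-signatures
            if good and is_cert and third_party and f[4] == signer_keyid:
                if current not in verified:
                    verified.append(current)
    return {k: names.get(k, "") for k in verified}

if __name__ == "__main__":
    for keyid, uid in certified_by(SAMPLE, CORP_KEYID).items():
        print(keyid, uid)
```

In the sample, Bob's corporate signature fails verification and Dave has only a self-signature plus one from an unknown key, so neither is reported; Carol, a non-corporate user, is.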