Suggestion: Corporate keyrings.
Adrian 'Dagurashibanipal' von Bidder
Mon May 13 11:03:02 2002
On Mon, 2002-05-13 at 10:38, Brenno J.S.A.A.F. de Winter wrote:
> > Why not have a corporate key. The admin signs the keys he has verified,
> > the user trusts this corporate key signing key, and so automatically he
> > trusts all keys in the corporation.
> Nope my idea went a little bit further. Also non-corporate users could be
> verified (for instance: firstname.lastname@example.org). Beside that
The meaning of a signature by this corporate key would have to be
defined. If all keys that are to be trusted by members of ACME, Inc. are
signed by the ACME corporate key, then you can do exactly that.
Signature by ACME corporate key == 'this key was verified by our
> having a corporate key has some practical problems like passphrases and s=
A trusted keyring needs to have an administrator, too, and so would be
protected by some mechanism that could be equally tricky. I'd argue that
you could protect a single signing key better than a trusted keyring
To conclude: I still don't see what you can do with a trusted keyring
that you can't do with a trusted key and signatures.
I sign e-mail using OpenPGP (rfc2440) compliant software.