Deploying GnuPG into University Administration

David Shaw
Thu Jan 9 17:14:02 2003

On Thu, Jan 09, 2003 at 04:02:12PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:

>  - lsign (or even exportable sign?) the cert key, and set ownertrust

.. or, since you control the gpg.conf files as each new user gets set
up, stick a "trusted-key xxxxxx" in there.  Simpler, and works even if
the user manages to mangle their trustdb.

> I think with this script available and key distribution solved, you
> avoid most problems. Biggest problem (in terms of actual time spent)
> will be users who have forgotten their password and users complaining
> that they can't verify some signatures or who don't know how to use
> their software.

Users who forgot their password can have their key revoked by the CA
if you are using revocation keys.

> WARNING: I have no experience with such things whatsoever.

I do. ;)  I designed a system for a company here.  It was vaguely
similar to what you mention above, except it had to provide for data
recovery and had to work with PGP on Windows as well.


   David Shaw
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
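
The two suggestions in the reply above, a `trusted-key` line in each new user's gpg.conf and a CA revocation key, sketched as a provisioning script. This is an added example, not part of the original message or of GnuPG. The helper names, the placeholder fingerprint, the key size and expiry, and the RSA CA key are assumptions.

```shell
#!/bin/sh
# Added example: per-user GnuPG setup for a site CA key.
# CA_FPR is a constructed placeholder fingerprint, not a real key.
CA_FPR="0123456789ABCDEF0123456789ABCDEF01234567"
NL='
'

# Print a 40-hex-digit v4 fingerprint upper-cased without spaces, or fail.
normalize_fpr() {
    fpr=$(printf '%s' "$1" | tr -d ' \t' | tr 'a-f' 'A-F')
    case "$fpr" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# provision_gnupg HOMEDIR CA_FINGERPRINT REAL_NAME EMAIL  (hypothetical helper)
provision_gnupg() {
    home=$1 name=$3 email=$4
    fpr=$(normalize_fpr "$2") || { echo "bad CA fingerprint" >&2; return 1; }
    # A newline in the name or e-mail would inject extra parameter lines
    # (for example a second Revoker), so refuse it.
    case "$name$email" in
        *"$NL"*) echo "newline in name or e-mail" >&2; return 1 ;;
    esac
    mkdir -p "$home" && chmod 700 "$home" || return 1
    conf="$home/gpg.conf"
    touch "$conf" && chmod 600 "$conf" || return 1
    # Idempotent: re-running setup must not stack duplicate trusted-key lines.
    grep -qix "trusted-key $fpr" "$conf" || printf 'trusted-key %s\n' "$fpr" >> "$conf"
    # Unattended key generation parameters. Key size and expiry are assumed
    # site policy; "1" in the Revoker line assumes the CA key is RSA.
    cat > "$home/keygen.params" <<EOF
Key-Type: RSA
Key-Length: 3072
Name-Real: $name
Name-Email: $email
Expire-Date: 2y
Revoker: 1:$fpr
%commit
EOF
}

# Generate the user's key from the prepared parameters (needs gpg installed
# and the CA public key already imported into HOMEDIR).
generate_user_key() {
    gpg --homedir "$1" --batch --gen-key "$1/keygen.params"
}
```

Because the trust anchor lives in gpg.conf rather than in the trustdb, rerunning `provision_gnupg` after a user damages their trustdb leaves the CA key trusted.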