Deploying GnuPG into University Administration
David Shaw
dshaw@jabberwocky.com
Thu Jan 9 17:14:02 2003
On Thu, Jan 09, 2003 at 04:02:12PM +0100, Adrian 'Dagurashibanipal' von Bidder wrote:
> - lsign (or even exportable sign?) the cert key, and set ownertrust
.. or, since you control the gpg.conf files as each new user gets set
up, stick a "trusted-key xxxxxx" in there. Simpler, and works even if
the user manages to mangle their trustdb.
> I think with this script available and key distribution solved, you
> avoid most problems. Biggest problem (in terms of actual time spent)
> will be users who have forgotten their password and users complaining
> that they can't verify some signatures or who don't know how to use
> their software.
Users who forgot their password can have their key revoked by the CA
if you are using revocation keys.
> WARNING: I have no experience with such things whatsoever.
I do. ;) I designed a system for a company here. It was vaguely
similar to what you mention above, except it had to provide for data
recovery and had to work with PGP on Windows as well.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
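
The "trusted-key" approach from the reply above, as an added example that is not part of the original message: a provisioning helper that pins the CA key in a new user's gpg.conf. The function names, the homedir layout and the CA_FPR value are assumptions (CA_FPR is a constructed placeholder, not a real key), and it assumes the CA key is the only trust anchor the site wants in that file.

```shell
#!/bin/sh
# Added example: pin the site CA key as a trusted-key in a user's gpg.conf.
# CA_FPR is a constructed placeholder fingerprint, not a real key.
CA_FPR="0123456789ABCDEF0123456789ABCDEF01234567"

# pin_trusted_key HOMEDIR KEY   (hypothetical helper)
# Writes exactly one "trusted-key KEY" line into HOMEDIR/gpg.conf.
# Returns 0 on success, 2 on a malformed key, 1 on I/O failure.
pin_trusted_key() {
    homedir=$1
    # Normalise: strip spaces from a pasted fingerprint, upper-case the hex.
    key=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')

    # Accept only a 16-hex long key ID or a 40-hex fingerprint; 8-hex
    # short IDs are easy to collide and are rejected here.
    case $key in
        *[!0-9A-F]*|'') return 2 ;;
    esac
    case ${#key} in
        16|40) ;;
        *) return 2 ;;
    esac

    mkdir -p "$homedir" || return 1
    chmod 700 "$homedir" || return 1
    conf=$homedir/gpg.conf
    [ -f "$conf" ] || : > "$conf" || return 1

    # Drop any existing trusted-key lines so a stale or unexpected anchor
    # does not survive re-provisioning, then append the pinned one.
    tmp=$(mktemp "$homedir/gpg.conf.XXXXXX") || return 1
    grep -v -i '^[[:space:]]*trusted-key[[:space:]]' "$conf" > "$tmp" || true
    printf 'trusted-key %s\n' "$key" >> "$tmp" || return 1
    chmod 600 "$tmp" || return 1
    mv "$tmp" "$conf"
}

# count_trusted_keys HOMEDIR   (hypothetical helper)
# Prints how many trusted-key lines gpg.conf contains, for auditing.
count_trusted_keys() {
    grep -c -i '^[[:space:]]*trusted-key[[:space:]]' "$1/gpg.conf"
}
```

Because the anchor lives in gpg.conf rather than in the trustdb, re-running the helper restores it even after the user's trustdb has been damaged or rebuilt.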