Keysigning a "corporate" key - how ?
Matt Wronkiewicz
wronkiew@foozone.org
Thu Jan 16 20:10:04 2003
--Qxx1br4bt0+wmkIi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
> What would be the best for "corporate" ID verification ?
What would be best in my opinion to verify your corporate key,
is to sign the corporate key with your personal key. Then bring
you personal key, but not your corporate key to the key-signing
party. People who want to verify that your corporate key is
valid can decide for themselves whether they trust you to
correctly verify the corporate key, after they have already
verified your personal key. Convince your coworkers to do the
same, to provide a better web of trust. This way the people at
the key-signing event are not put in a position where they have
to determine, from their own limited knowledge of your company,
whether you are a trusted representative from your company or
if you are trying to push a phony key.
--=20
Matt Wronkiewicz <wronkiew@foozone.org>
Fingerprint: 914B FFE7 1C00 7B63 04D1 051D BA18 9B5D 6845 2D6E
Signature policy: http://www.foozone.org/crypto_policy.asc
--Qxx1br4bt0+wmkIi
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (SunOS)
iHAEARECADAFAj4nA8UpGmh0dHA6Ly93d3cuZm9vem9uZS5vcmcvY3J5cHRvX3Bv
bGljeS5hc2MACgkQuhibXWhFLW4exgCgmAIvPicK/kxPrPEv6rWwQiVEjkQAn3s2
bNPp2ERIjZ8U32JUFLQEBe6k
=MExL
-----END PGP SIGNATURE-----
--Qxx1br4bt0+wmkIi--