Keysigning a "corporate" key - how ?

David Shaw
Thu Jan 16 20:24:02 2003

On Thu, Jan 16, 2003 at 12:25:04PM -0500, Toxik - Fabian Rodriguez wrote:

> I'll be attending a keysigning party today and it's the first time
> I'd lik to have our "corporate" key signed as well. For personal
> keys, one usually shows up with personal IDs including pictures, like
> a passport, etc.
> What would be the best for "corporate" ID verification ? We're a
> Canadian company and as such our company records show up at
> (Industry Canada's corporations directory) and a
> provincial site too ( However, what physical
> proof(s) would be recognized by the most people (including
> non-locals), in your opinion ?

This is a difficult question since signing such a key doesn't really
fit into the traditional "identify a person, match that person to a
key, sign the key" model.

Some people will sign such a key, and some people will not.  In a way,
it is similar to the question of whether someone other than a robot CA
operator should sign the robot CA key.

I would recommend that people sign your personal key (as they can
verify who you are, etc), and then you sign the corporate key (since
you can verify it is correct).


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson