Corporate public key?

Daniel Carrera
Tue Jul 8 18:32:02 2003

Hello all,

I've been looking at ING, and I think that they should be using GPG.  ING is a 
huge bank, but they deal with their customers entirely through the phone or the 

Their website says that personal account information can only be given over the 
phone because email is not secure.

I want to suggest they use GPG, but honestly I'm not sure how they'd go about 
doing that.  Authenticating the user is not a problem.  They can ask for a 
physical letter with my fingerprint and physical signature (which they have on 
file) and then have me phone them, authenticate myself, and then verify the 
signature over the phone.

The problem lies in how the user would authenticate ING.  Would ING have a 
corporate-wide GPG key?  You can't just have a single common passphrase for every 
employee in the bank.  And they can't have a different key for every employee, 
since that would be an authentication nightmare for users.

Does GPG have a solution for this kind of problem?  Is there a way to have a 
corporate signature?

If there is one, I will send a suggestion to ING.

-- 
Daniel Carrera         | OpenPGP fingerprint:
Graduate TA, Math Dept | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88
UMD  (301) 405-5137    |