Corporate public key?
Lukasz Stelmach <Lukasz.Stelmach@k.telmark.waw.pl>
Tue Jul 8 19:06:03 2003
At 12:33:26 on Tuesday 08 July, a ticket inspector boarded the bus
and yelled: "Daniel Carrera!!! Ticket for inspection!!!" And he/she replied:
DC> I want to suggest they use GPG, but honestly I'm not sure how they'd go
DC> about doing that.
[...]
DC> The problem lies in how the user would authenticate ING. Would ING
DC> have a corporate-wide GPG key? You can't just have a single common
DC> passphrase for every employee in the bank. And they can't have a
DC> different key for every employee, since that would be an authentication
DC> nightmare for users.
IMHO it should be done like that:
* one corporate key (CK)
* a few division keys (in each city?) (optional)
* each employee's key is signed with CK
* user/client's key is signed by employee after proper verification
(e.g. fingerprint said over phone)
Then we use web-of-trust. Each client may have a different signature
on her/his key but even though it can be trusted because the one
who has signed it is an ING employee.
Take care, Daniel...
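
The hierarchy proposed in the message above (CK, optional division keys, employee keys, client keys) can be checked as a chain of certifications leading back to the corporate key. The following is an added example, not part of the original post and not GnuPG's own trust computation. The key names, the role recorded with each certification and the `revoked` set are assumptions made for illustration.

```python
# Simplified model of the proposed hierarchy: a key is accepted only if a
# chain of certifications leads back to the corporate key (CK) and every
# signer in the chain holds a role that is allowed to certify the next key.
from collections import deque

# Constructed sample data: (signer, signed key, role the signer vouches for)
CERTS = [
    ("CK", "DIV-WAW", "division"),
    ("CK", "EMP-ANNA", "employee"),
    ("DIV-WAW", "EMP-PIOTR", "employee"),
    ("EMP-ANNA", "CLIENT-1", "client"),
    ("EMP-PIOTR", "CLIENT-2", "client"),
    ("CLIENT-1", "CLIENT-3", "client"),  # client signing a client: not accepted
    ("EMP-OLD", "CLIENT-4", "client"),   # signer was never certified by CK
]

# Which role may certify which roles (hypothetical policy table).
MAY_CERTIFY = {
    "root": {"division", "employee"},
    "division": {"employee"},
    "employee": {"client"},
    "client": set(),
}

def trust_path(target, certs=CERTS, root="CK", revoked=frozenset()):
    """Return the chain [root, ..., target], or None if no valid chain exists."""
    if root in revoked:
        return None
    queue = deque([(root, "root", [root])])
    seen = {(root, "root")}
    while queue:
        key, role, path = queue.popleft()
        if key == target:
            return path
        for signer, signed, signed_role in certs:
            if signer != key or signed in revoked:
                continue
            if signed_role not in MAY_CERTIFY[role]:
                continue  # this signer's role may not vouch for that role
            if (signed, signed_role) in seen:
                continue
            seen.add((signed, signed_role))
            queue.append((signed, signed_role, path + [signed]))
    return None
```

Passing `revoked={"EMP-ANNA"}` shows that every client key certified only by that employee loses its path to CK.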