Corporate public key?
Tue Jul 8 19:11:02 2003
On Tue, 8 Jul 2003, Daniel Carrera wrote:
> The problem lies in how the user would authenticate ING. Would ING have a
> corporate-wide GPG key? You can't just have a single common passphrase for every
> employee in the bank. And they can't have a different key for every employee,
> since that would be an authentication nightmare for users.
> Does GPG have a solution for this kind of problem? Is there a way to have a
> corporate signature?
> If there is one, I will send a suggestion to ING.
This seems to be the same sort of scenario that Verisign deals with. They
have a certificate that belongs to "Verisign Corporation". So that
at least proves it's possible.
A corporate GPG key for ING could be handled in plenty of ways. Certain
trusted employees are given the ability to access the private key of ING
Corporation, either by giving them the password, or by giving their UNIX
account execute access to a SUID script. There are plenty of ways to
control access to the private key.
Some out-of-band mechanism could be used to verify ING's corporate
fingerprint. One can presume that their fingerprint would become widely
known pretty quickly, making it hard to masquerade as them. Perhaps the
postal service provides a kind of certified mail that would guarantee the
sender and recipient of a letter to you containing the fingerprint? I'm
not sure, but the issues are of the same level of complexity as them
verifying your key.
An ING corporate key has added power when the WoT is taken into
consideration. If ING's signing policy states that an ING signature on a
key means that the individual is an authorized agent of ING, you can be
sure that when you receive a communication from anyone who's key bears
ING's signature, that person is authorized to act on behalf of ING.
Perhaps their UID would contain their corporate title:
uid John Smith (Vice President of Security) <email@example.com>
sig ING Corporation <firstname.lastname@example.org>
So now, when John Smith tells you he works for ING and that your loan was
approved, you know it's true.
This use of the WoT along with a corporate signature means that very few
people (perhaps just a guy in IT and a guy in HR) need access to
ING's main private key in order to sign new employee's keys and revoke
signatures on former employees when they leave the company.
I'm a CS undergrad and an expert in nothing, but to me this seems like a
good and workable idea.