Corporate public key?

Steve Butler sbutler@fchn.com
Tue Jul 8 21:33:02 2003


From: Dennis Lambe Jr. [mailto:malsyned@cif.rochester.edu]
Sent: Tuesday, July 08, 2003 12:06 PM

> On Tue, 2003-07-08 at 14:39, Neil Williams wrote:
>> I've imported public keys with some 700 signatures, but for WoT to work at the
>> customer end, wouldn't every customer (including potential customers who may

> A fact of the WoT is that anyone is free to sign a key exportably
> though.  This is NOT a problem.  If someone signs your key, that doesn't
> hurt your key at all.  It can either help it, or have no effect.  It may

Even then, ING would have to distribute the key with that signature.  They
could simply post their key without any other signatures on their web site
and state that is the only authorized place to obtain their up to date
public key(s).


> If ING has signed a key which says it belongs to John Smith, VP of
> Security, then you can know that John Smith really is the VP of Security
> for ING.  That is, unless the person in charge of keysignings at ING is

Until they fire John Smith, VP of Security for breach of trust (or some
other infraction).  In practicality, they would have to keep an updated key
posted someplace (see above) and post the key revocation for John Smith.  


