Gnupg-users digest, Vol 1 #1332 - 9 msgs
Tue Jul 8 23:55:02 2003

>Message: 2
>Subject: Re: Corporate public key?
>From: "Dennis Lambe Jr." <>
>To: Neil Williams <>
>Date: 08 Jul 2003 15:06:25 -0400


>If ING has signed a key which says it belongs to John Smith, VP
>Security, then you can know that John Smith really is the VP of
>for ING.  That is, unless the person in charge of keysignings at
>ING is irresponsible or malicious, in which case we've got much bigger


the entire corporate issue, while it would bring open pgp into everyday
commercial practice, is fraught with practical difficulties that must
be given a great deal of thought before implementing:

[1] what happens when the person already has a sizeable amount of money
deposited, and then loses the key or passphrase
(and lost the backups too),
is there an alternate physical means of identification to restore account

[2] similarly, if the key gets compromised,
(net-crackers that can have bank account access if they harvest keys
and passphrases, may then consider keys a priority target ...)
the key can be revoked, but how is the new account re-generated.

to tie it to the revoking key, is a possibility, but one that opens new
security issues about protecting the revocation certificate

interesting to see what becomes of the idea...

with Respect,


