can`t verify signature

Steve Butler sbutler@fchn.com
Mon Jul 28 16:50:02 2003


That's not so bad as what I saw on that key.  That key had everybody's ID
(not just signed) as part of the key.

At my company we have to exchange corporate public keys to transfer
information via FTP files.  So, a corporate key doesn't bother me that much.
I'm more bothered by an individual using their personal key to do corporate
business -- and one individual tried that trick.

However, it should be clear that the key is a corporate key and should only
have the ID of the group within the company with whom contact should be made
regarding the key.  I'd also expect that the key would change over time --
especially as people who knew the passphrase and had access to the secret
portion of the key left the company.

Should they be on a public key server?  Perhaps one dedicated to their type
of industry.

-----Original Message-----
From: Ben Finney [mailto:ben@benfinney.id.au]
Sent: Friday, July 25, 2003 10:49 PM
To: gnupg-users@gnupg.org
Subject: Re: can`t verify signature


On 26-Jul-2003, Gustavo Vasconcelos wrote:
> I didn't get it. What is the problem on using a corporate key

The fact that a corporation is not an individual.

-- 
 \                           "Time wounds all heels."  -- Groucho Marx |
  `\                                                                   |
_o__)                                                                  |
ben@benfinney.id.au F'print 9CFE12B0 791A4267 887F520C B7AC2E51 BD41714B

