GnuPG for a small company -- Questions before I start

Eray Aslan eray.aslan at caf.com.tr
Thu May 24 18:01:35 CEST 2007


On 17.05.2007 16:10, Janusz A. Urbanowicz wrote:
[...]
> When I did similar things the setup was as follows:
> 
> * there is one well-guarded organization key (org key)
> * every person involved has a key signed by the org key
> * people keys have designated-revoker set to org key
> * all OpenPGP software installation have:
> ** mandatory encrypt-to org key

Which option is that in gpg.conf?

> ** ultimate trust for the org key

How does one deal with people quitting or people getting hired?  You can
revoke the keys for those that quit.  But how do you inform coworkers
that someone's key is revoked?  Or similarly distribute the new public
key to existing employees for someone who has been just hired?  In-house
keyserver?

Thank you

-- 
Eray



More information about the Gnupg-users mailing list