How to establish a company web-of-trust

Neal Dudley neal.dudley at utoledo.edu
Mon Mar 17 21:24:34 CET 2008


Some points to consider:

Regardless of whether or not the company signing key has signed or
revoked its signature on the user's signing key, it is ultimately up to
the employee to trust or not trust the other employee's key(s).  This is
one of the beautiful points of PGP/GPG - there is no third party to
dictate whose keys you can trust or not trust.  That trust decision is
solely up to the user.

Please, no one flame me, but it is worth looking at S/MIME and PGP for
this issue. Yes, on a purely technical level, we are talking about the
same cryptographic algorithms.  The difference between S/MIME and PGP,
as I understand it, is mainly semantics involving the trust
relationships.  In S/MIME, a third party dictates to you what is to be
trusted or untrusted.  In contrast, under PGP the user defines what is
to be trusted or not.

I'm very interested in this thread, as I'm not clear as to how you could
create policies (at least ones that can be enforced) to control trust
relationships in a company.  This seems to be more a question of office
politics than secure email technology.  In a small company, this could
certainly be handled.  Mention the issue at the regular staff meetings,
and it remains the user's responsibility to revoke trust in that
keypair.  By the same token - good luck to you in implementing this if
you are referring to a larger company.  If you create scripts or
otherwise to force employees to check their keyring against some central
corporate keyserver, please share.  I hope your users are savvy enough
to understand what they are doing.  If that is the case, so much the
better for you, lucky dog!



Karl Voit wrote:
> * Karl Voit <devnull at Karl-Voit.at> wrote:
>>
>> I want to establish secure email communication in our company
>> (Windows, Outlook, gpg4win). I do not want to maintain a keyserver
>> by myself.
>>
>> My attempt: every employee generates his own keypair and exports the
>> public key to a keyserver. I as the admin download his key from the
>> server, compare the ID with the employee and sign the key with the
>> "central company key".
>>
>> Any communication partner can check whether the key of the employee
>> was signed by our official "company key" which is downloadable from
>> our web site.
>>
>> So far so good - I think.
>>
>> But: what if an employee quits the company? Can I revoke the
>> signature? WinPT (as a key management frontend) does not seem to
>> provide this feature.
> 
> I just found out that WinPT does not provide all options that gpg
> (command line version) provides :-(
> 
> So my current attempt is: the employee has to add the company key as
> a revoker and then export it to the keyserver. So the company key is
> able to revoke any employees key.
> 
> This seems to be a clean attempt for me now.
> 
> Any suggestions?
> 
> --
> Karl Voit
>                                                     [X] expressive
> subjects NOW!
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
> 
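The procedure Karl describes (admin certifies the employee key with the company key, partners check for that certification, the certification is revoked when the employee leaves, or alternatively the company key is appointed designated revoker) as an added, runnable walk-through on the gpg command line. This is example code written for this page, not something posted in the thread. It assumes GnuPG 2.2.24 or newer on PATH (for the non-interactive `--quick-revoke-sig`; on the gpg of 2008 the same step is the interactive `revsig` command inside `--edit-key`), uses a throwaway GNUPGHOME, and all names and addresses in it are made up.

```shell
#!/bin/sh
# Added example (not from the thread): sign / check / revoke-signature /
# designated-revoker steps from the discussion above, driven from the gpg
# command line in a throwaway GNUPGHOME. Assumes GnuPG 2.2.24 or newer on
# PATH. Names and addresses are made up.
set -eu

# gpg with the options every step here needs; the empty passphrase is for the
# demo only, never for real keys.
g() { gpg --batch --yes --quiet --pinentry-mode loopback --passphrase '' "$@"; }

gpg_ok() {  # true when gpg is on PATH and at least 2.2.24 (--quick-revoke-sig)
  command -v gpg >/dev/null 2>&1 || return 1
  gpg --version | awk 'NR == 1 {
    split($3, v, "."); m = v[1] + 0; n = v[2] + 0; p = v[3] + 0
    exit !(m > 2 || (m == 2 && (n > 2 || (n == 2 && p >= 24)))) }'
}

fpr_of() {  # primary-key fingerprint of the key matching $1
  gpg --batch --with-colons --list-keys "$1" | awk -F: '$1 == "fpr" { print $10; exit }'
}

keyid_of() {  # long key ID = last 16 hex digits of a v4 fingerprint
  printf '%s' "$1" | awk '{ print substr($0, length($0) - 15) }'
}

gen_key() {  # create an unprotected demo key for user ID $1, print its fingerprint
  g --quick-generate-key "$1" rsa2048 default never >/dev/null
  fpr_of "$1"
}

# Karl's step 2: the admin, having compared the ID with the employee,
# certifies the employee's key ($2) with the company key ($1).
sign_with_company() { g --default-key "$1" --quick-sign-key "$2"; }

# What a communication partner checks: does key $2 carry a certification by
# the company key $1? Prints "good", "revoked" or "none". In colon output a
# certification is a "sig" record ("!" in field 2 = verified good) and a
# revoked certification shows as a "rev" record; field 5 is the signer's key ID.
company_sig_state() {
  gpg --batch --with-colons --check-sigs "$2" | awk -F: -v id="$(keyid_of "$1")" '
    $1 == "rev" && $5 == id { rev = 1 }
    $1 == "sig" && $2 == "!" && $5 == id { good = 1 }
    END { print (rev ? "revoked" : (good ? "good" : "none")) }'
}

# Employee leaves: the company key ($1) revokes its own certification on key $2
# (the signature revocation WinPT could not do; command-line gpg can).
revoke_company_sig() { g --quick-revoke-sig "$2" "$1"; }

# Karl's second approach: the employee appoints the company key ($2) as a
# designated revoker of their own key ($1). There is no "quick" command for
# this, so --edit-key is scripted through --command-fd; the answers fed in are
# the revoker's user ID, "y" to confirm, then "save".
appoint_revoker() {
  printf 'addrevoker\n%s\ny\nsave\n' "$2" | g --command-fd 0 --status-fd 2 --edit-key "$1"
}

has_designated_revoker() {  # is $2 recorded as a designated revoker of $1 ("rvk" record)?
  gpg --batch --with-colons --list-keys "$1" | grep -i "^rvk:.*$2" >/dev/null
}

demo() {
  COMPANY_FPR="$(gen_key 'Example Corp Signing Key <keys@example.com>')"   # made up
  EMP_FPR="$(gen_key 'Alice Employee <alice@example.com>')"                # made up
  sign_with_company "$COMPANY_FPR" "$EMP_FPR"
  STATE_AFTER_SIGN="$(company_sig_state "$COMPANY_FPR" "$EMP_FPR")"       # good
  revoke_company_sig "$COMPANY_FPR" "$EMP_FPR"
  STATE_AFTER_REVOKE="$(company_sig_state "$COMPANY_FPR" "$EMP_FPR")"     # revoked
  appoint_revoker "$EMP_FPR" "$COMPANY_FPR"
  if has_designated_revoker "$EMP_FPR" "$COMPANY_FPR"; then REVOKER_OK=yes; else REVOKER_OK=no; fi
  printf 'company sig after signing: %s\nafter revocation: %s\ndesignated revoker recorded: %s\n' \
    "$STATE_AFTER_SIGN" "$STATE_AFTER_REVOKE" "$REVOKER_OK"
}

if gpg_ok; then
  export GNUPGHOME="$(mktemp -d)"
  trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$GNUPGHOME"' EXIT
  demo
else
  echo 'GnuPG 2.2.24 or newer not found; nothing run' >&2
fi
```

Note that `company_sig_state` only answers "is the company's certification present and unrevoked"; whether that certification makes the employee's key valid in a partner's keyring is still that partner's own ownertrust setting on the company key (`trust` in `--edit-key`, or `--import-ownertrust`), which is exactly the per-user decision Neal describes above. The designated-revoker route needs the employee to publish the updated key after `addrevoker`, since the revoker designation lives in the employee's own self-signature.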


