Controlling Group Membership with PGP Keys

Mike Acker Mike_Acker at
Tue Mar 22 10:34:39 CET 2011

VM Anyone?

Clearly the design of the PGP key and its trust model does not apprehend
indicating Group membership.

It occurs to me that controlling group membership is going to need:

   1. a Group Keyserver under the control of the Group Administrator
   2. Option to use the Group Keyserver exclusively for access to Public

The 2d point could be related to an e/mail address and implemented in
THUNDERBIRD, or, perhaps better to set up a VM with a THUNDERBIRD
installed for Secure Group Communication Only.

Perhaps we need Windows7 to become more like MVS

The administrator could set an expiration date on his key-- which should
cause his authentications to expire,-- but what time frame?  30 days? 
That might be decent as far as getting rid of Tom but would cause
another problem: all the members of the group would have to get all the
keys re-certified every 30 days

Note: the 'group' might not be a corporation where everyone will be using
an email address of a predictable pattern such as (e.g.) tom_newguy at



More information about the Gnupg-users mailing list