Controlling Group Membership with PGP Keys
Jerome Baum
jerome at jeromebaum.com
Tue Mar 22 16:41:57 CET 2011
Mike Acker <Mike_Acker at charter.net> writes:
> On 03/22/2011 11:01, Jerome Baum wrote:
>> You'd still have to manually check _who_ signed my member uid, to make
>> sure it's a group administrator, and timely revocation is an issue.
> Quick and Dirty solution: If I have each member of the group set up an
> address book for the group then it will be straightforward for the
> group administrator to send adds, deletes, and changes pertaining to the
> content of that book.
Actually thinking about this, use gpgv and maintain a trusted
keyring. Sign the keyring with the admin key and mail out updates. Say
it's called ~/.gnupg-members.gpg, this is the update procedure:
    curl -o ~/.gnupg-updated-members.gpg.gpg <URL-of-keyring>
    gpg ~/.gnupg-updated-members.gpg.gpg # it's a signature containing the
                                         # original, so we get the file for
                                         # the next step
    # assuming the signature was okay/"good enough"
    mv ~/.gnupg{-updated,}-members.gpg
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
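
Added example, not part of the original message: the same update procedure with the "signature was okay" step enforced by gpgv against a keyring that holds only the admin key, so a good signature from any other key is rejected and the old members keyring stays in place. The admin keyring path, the variable names and the two function names are assumptions, as is a GnuPG 2.x gpgv that supports --output.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are assumptions.
ADMIN_KEYRING="${ADMIN_KEYRING:-$HOME/.gnupg-admin.gpg}"      # admin key(s) only
MEMBERS_KEYRING="${MEMBERS_KEYRING:-$HOME/.gnupg-members.gpg}"

# update_members SIGNED_FILE
# SIGNED_FILE is the downloaded keyring wrapped in the admin's signature.
update_members() {
    signed=$1
    # Scratch directory next to the target, so the final mv is a rename
    # on the same filesystem and never leaves a half-written keyring.
    tmp=$(mktemp -d "${MEMBERS_KEYRING}.XXXXXX") || return 1

    # gpgv accepts signatures from keys in the given keyring and nothing
    # else; it does not consult the user's default keyring or trustdb.
    if gpgv --keyring "$ADMIN_KEYRING" --output "$tmp/keyring" "$signed" \
        && [ -s "$tmp/keyring" ]; then
        mv -f "$tmp/keyring" "$MEMBERS_KEYRING"
        rm -rf "$tmp"
        return 0
    fi

    rm -rf "$tmp"
    echo "update rejected: no valid admin signature on $signed" >&2
    return 1
}

# verify_member SIGNATURE_FILE [DATA_FILE]
# Succeeds only if the signature was made by a key in the members keyring.
verify_member() {
    gpgv --keyring "$MEMBERS_KEYRING" "$@"
}
```

A valid admin signature says nothing about freshness: an older signed keyring that still lists a removed member verifies just as well, so check the signature time gpgv prints before relying on an update for revocation.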