Enterprise Key Management?
nicholas.cole at gmail.com
Mon Mar 18 11:24:32 CET 2013
On Mon, Mar 18, 2013 at 9:14 AM, Werner Koch <wk at gnupg.org> wrote:
> On Sat, 16 Mar 2013 12:36, abel at guardianproject.info said:
> > This seems like a better application of S/MIME as it, by design, is
> > centralized in the manner you describe.
> However, with S/MIME you can _only_ do a centralized key management.
> OpenPGP allows one to implement an arbitrary key management policy.
> The OP mentioned signing subkeys. This could for example be used to
> allow several employees to sign data using the same key and the
> recipient will notice a valid signature with a published fingerprint
> from the company. A closer inspection would reveal which subkey has
> been used for signing and this can be used for internal audit processes
> (similar to the QA labels with an employer number on all kinds of
> products). Revocation of a certain subkey would also be pretty easy. I
> assume this would easily scale to new dozen subkeys.
It's clever. Given careful management / dissemination it would allow a
group to share an encryption key but have separate signing keys. I don't
know if any software exists that operates in this way.
I do wonder if what the poster really meant, however, is not "subkeys" per
se but Trust-Signature certified keys.
I guess what is needed for most enterprise use is a system where the
company generates employees' keys and keeps a copy of them.
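
The audit step described in the quoted text (a valid company signature, then a closer look at which subkey made it) can be done from GnuPG's machine-readable status output. The following is an added example, not part of the original message or of GnuPG: it parses `VALIDSIG` status lines, whose first argument is the fingerprint of the key that made the signature and whose optional tenth argument is the primary key fingerprint. The registry, labels and all fingerprints are constructed placeholders.

```python
# Constructed sample data: none of these fingerprints are real keys.
COMPANY_PRIMARY_FPR = "A" * 40   # stands in for the published company fingerprint
SUBKEY_REGISTRY = {              # hypothetical internal record: subkey -> employee label
    "1" * 40: "employee-017",
    "2" * 40: "employee-042",
}

def parse_validsig(status_output):
    """Return (signing_fpr, primary_fpr) pairs from gpg --status-fd output."""
    pairs = []
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[:2] != ["[GNUPG:]", "VALIDSIG"]:
            continue
        args = parts[2:]
        signing_fpr = args[0].upper()
        # The 10th argument (primary key fingerprint) is optional; if it is
        # missing, treat the signing key as its own primary.
        primary_fpr = args[9].upper() if len(args) >= 10 else signing_fpr
        pairs.append((signing_fpr, primary_fpr))
    return pairs

def audit(status_output):
    """Classify each valid signature and attribute it to an employee label."""
    records = []
    for signing_fpr, primary_fpr in parse_validsig(status_output):
        if primary_fpr != COMPANY_PRIMARY_FPR:
            records.append((signing_fpr, "not-company-key", None))
        elif signing_fpr == primary_fpr:
            records.append((signing_fpr, "signed-by-primary", None))
        elif signing_fpr in SUBKEY_REGISTRY:
            records.append((signing_fpr, "attributed", SUBKEY_REGISTRY[signing_fpr]))
        else:
            # Valid company signature from a subkey nobody registered: escalate.
            records.append((signing_fpr, "unregistered-subkey", None))
    return records

def _validsig(signing_fpr, primary_fpr):
    # Constructed status line in the VALIDSIG argument order.
    return f"[GNUPG:] VALIDSIG {signing_fpr} 2013-03-18 1363601072 0 4 0 1 8 00 {primary_fpr}"

SAMPLE_STATUS = "\n".join([
    "[GNUPG:] GOODSIG 1111111111111111 Example Corp (constructed)",
    _validsig("1" * 40, COMPANY_PRIMARY_FPR),
    _validsig("3" * 40, COMPANY_PRIMARY_FPR),
    _validsig("B" * 40, "B" * 40),
])

if __name__ == "__main__":
    for record in audit(SAMPLE_STATUS):
        print(record)
```

In practice the status text would come from `gpg --status-fd 1 --verify` on the signed file; the registry is the piece the company has to maintain itself.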