trust your corporation for keyowner identification?

MFPA expires2013 at ymail.com
Wed Oct 16 23:28:07 CEST 2013



Hi


On Wednesday 16 October 2013 at 9:19:19 PM, in
<mid:l3msbv$jh3$1 at ger.gmane.org>, Brian J. Murrell wrote:


> The corporation would not have a copy of the private
> key since the corporation is completely uninvolved
> other than (unknowingly) being the identity-checker and
> providing the means to authoritatively communicate with
> Bob (i.e. when I "message" bob at corporate.domain I know
> it's Bob that I am talking to -- somebody in IT doing a
> MITM attack aside -- but maybe that's enough of a risk
> to make this infeasible).  You would have the same
> trust that only Bob has Bob's secret key as you would
> any other GPG user whose key you signed.  Any given GPG
> user's competency in using GPG (i.e. keeping secret
> keys secret, trusting others, etc.) is up to you, as it
> always is.

If the key was generated, stored, or used on the company's computer,
all bets are off regarding Bob being the only one with access to a
copy.





- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

A wise man once said ..."I don't know."



