trust your corporation for keyowner identification?
Johan Wevers
johanw at vulcan.xs4all.nl
Thu Oct 17 15:07:54 CEST 2013
On 17-10-2013 12:37, Brian J. Murrell wrote:
>> If the key was generated, stored, or used on the company's computer,
>> all bets are off regarding Bob being the only one with access to a
>> copy.
> Why would it be? There is no reason, with this verification scheme, that
> anyone's private keys (or public keys for that matter) go anywhere near
> the company's computer.
Yes there is: the practical point of using those keys. Why would an HR
department sign employees' keys? I assume to have the employee use it in
encrypted communications with colleagues / customers / whoever. To do
that, the key needs to be on a company computer in most cases. There are
exceptions of course (like working at home on your own hardware) but
they are not the norm so I wouldn't blindly assume that to be the case.
--
ir. J.C.A. Wevers
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html