trust your corporation for keyowner identification?

MFPA expires2013 at ymail.com
Tue Oct 22 22:57:17 CEST 2013 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Thursday 17 October 2013 at 11:37:35 AM, in
<mid:l3oel7$7ur$1 at ger.gmane.org>, Brian J. Murrell wrote:


> On 13-10-16 05:28 PM, MFPA wrote:

>> If the key was generated, stored, or used on the
>> company's computer, all bets are off regarding Bob
>> being the only one with access to a copy.

> Why would it be?  There is no reason, with this
> verification scheme that anyone's private keys (or
> public keys for that matter) go anywhere near the
> company's computer.

> Cheers, b.


When you said you would be messaging "bob at corporate.domain" I
interpreted that in the context of a discussion about OpenPGP keys to
mean you were exchanging encrypted communications with that email
address. It appears you probably meant the communication with
"bob at corporate.domain" was the out-of-band channel by which you and
Bob told each other your OpenPGP key fingerprints, and that being able
to send emails from those corporate accounts also doubled as identity
verification (because only the individual knows the relevant
credentials to send from "their" corporate email address, and the
company is required to verify government-issued ID documents when
engaging staff).

The bit about the employer having to verify people's ID may lead me to
accept a corporate ID card as an alternative to government-issued ID.
As for use of a corporate email address, could I be sure that Bob
locked his computer every time he left his desk? Or that nobody else
would ever have access to a written record of Bob's passwords? Or
that, in Bob's absence, a substitute would never use Bob's email
address when covering his work?


- --
Best regards

MFPA                    mailto:expires2013 at ymail.com

If at first you don't succeed, destroy all evidence that you tried.
-----BEGIN PGP SIGNATURE-----

iPQEAQEKAF4FAlJm5sBXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0
N0VDQTAzAAoJEKipC46tDG5pyTID/iiqs8VQquGq9VxkJK2hGhTgksU0GhK4kREm
TAjhg1184ls4RNPjUkErlcvaGU3R2FOnIfYUufEz8hV71Qsi/QJ7oMH+/qKWsFZ+
kQVrvzr53UGEF2OOmF6khn6naYX3d1Ueke3Gaq4jUTjlJOhN2VcKTJl8Ayl1aoiJ
PWmL07ma
=hdmI
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list