Managing Subkeys for Professional and Personal UIDs
Robert J. Hansen
rjh at sixdemonbag.org
Sat May 3 05:01:05 CEST 2014
> So i mean, sure, i can definitely imagine a company doing it the way you
> describe. I just don't think it's a good business practice.

Unfortunately, the world doesn't much care what we think of as good
business practices. And why should they? We're nerds -- we understand
technology, perhaps, but odds are good few if any of us have ever sat at
the CIO/CTO/CSO level. On what expertise do we declare it to be "not
good business practice"?

I agree that this is not the sort of business practice I would like to
see, but I'm not willing to go out on the limb with you and to declare
it a bad business practice.

And regardless of whether it's a good practice or a bad one, I've worked
in businesses that have done exactly this -- so it's a real-world
example that demonstrates the occasional need for a third party to
possess signing keys.