Modernizing Web-of-trust for Organizations

Ben McGinnes ben at adversary.org
Thu Jan 4 22:04:59 CET 2018


On Thu, Jan 04, 2018 at 12:40:59AM +0000, MFPA wrote:
> 
> For example, my ISP [0] says "All staff keys are signed using the
> company signing key. This is very much like a traditional company
> seal. Only the director has access to this key and it is only used
> for signing other keys. If/when a member of staff leaves a
> revocation is issued of that signature and loaded on to keyservers."
>
> [0] <http://aa.net.uk/contact-pgp.html>

Cute, but they're fast approaching the point where anyone with a
decent Beowulf cluster and an axe to grind could mess with that 1K
certification key they're using there.  Perhaps one of their loyal
customers with extensive experience in weird edge cases of PGP and GPG
use could smack them upside of the proverbial head with a
clue-by-four.  ;)


Regards,
Ben