Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at gmail.com
Thu Jan 4 23:04:05 CET 2018


On 01/04/2018 01:04 PM, Ben McGinnes wrote:
> On Thu, Jan 04, 2018 at 12:40:59AM +0000, MFPA wrote:
>> For example, my ISP [0] says "All staff keys are signed using the
>> company signing key. This is very much like a traditional company
>> seal. Only the director has access to this key and it is only used
>> for signing other keys. If/when a member of staff leaves a
>> revocation is issued of that signature and loaded on to keyservers."
>>
>> [0] <http://aa.net.uk/contact-pgp.html>
> Cute, but they're fast approaching the point where anyone with a
> decent beowolf cluster and an axe to grind could mess with that 1K
> certification key they're using there.

Can you explain what the problem is? I don't really know what you mean,
but I've love to hear.

Thanks,
Lou





More information about the Gnupg-users mailing list