Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at
Thu Jan 4 23:04:05 CET 2018

On 01/04/2018 01:04 PM, Ben McGinnes wrote:
> On Thu, Jan 04, 2018 at 12:40:59AM +0000, MFPA wrote:
>> For example, my ISP [0] says "All staff keys are signed using the
>> company signing key. This is very much like a traditional company
>> seal. Only the director has access to this key and it is only used
>> for signing other keys. If/when a member of staff leaves a
>> revocation is issued of that signature and loaded on to keyservers."
>> [0] <>
> Cute, but they're fast approaching the point where anyone with a
> decent beowolf cluster and an axe to grind could mess with that 1K
> certification key they're using there.

Can you explain what the problem is? I don't really know what you mean,
but I've love to hear.


More information about the Gnupg-users mailing list