Modernizing Web-of-trust for Organizations

Kristian Fiskerstrand kristian.fiskerstrand at
Thu Jan 4 23:08:23 CET 2018

On 01/04/2018 10:58 PM, Lou Wynn wrote:
> It's doable, but I'd like to make sure that I understand what you
> mean by "within corporate infrastructure?" Do you mean the client
> plugin sends requests to the server to decrypt and verify received
> messages?

No, there isn't necessarily a client plugin; the gateway decrypts the
message before it hits the internal email server, so the end user sees an
unencrypted message. This is protecting transport, but security on-site
is ensured through different channels.

> This is definitely a trade-off between key security and performance.
> But I don't see any obvious benefits given that the user's computer
> that runs the client plugin also belongs to corporate infrastructure.
> If the user's computer is compromised, then the administrator simply
> cleans up the computer and re-installs or re-initializes the user's email
> client, which includes the client plugin.

I don't see this as disagreeing; this means you don't have any benefit
from storing the email in encrypted form once it hits the corporate
network, so you're better off decrypting it at the gateway anyway.

Kristian Fiskerstrand
Twitter: @krifisk
Public OpenPGP keyblock at hkp://
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"A committee is a group that keeps minutes and loses hours."
(Milton Berle)

More information about the Gnupg-users mailing list