Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at
Thu Jan 4 23:14:41 CET 2018

On 01/04/2018 02:04 PM, Kristian Fiskerstrand wrote:
>> I don't think it necessary to use business unit level certifying keys in
>> my design. It introduces management overhead which shadows its benefits.
>> If you understand the concept of trust realm/trust group and its
>> verification methods I described before, then there is no need for a key
>> hierarchy at all. Can you describe a use case that demands the use of
>> unit level certifying key? I'll try to explain how to implement it with
>> trust realm and groups.
> I didn't necessarily say business unit level CA, but separation between
> employee and business partner CAs.
Compared to using two CAs, my design introduces two properties to a
certificate. One is the certificate type, which is "p" for a partner and
"e" for an employee. The other property is the trust group, which is a
list of groups and tells the certificate verifier the groups that the
key belongs to. These two properties are implemented as notations of the

