Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at gmail.com
Thu Jan 4 23:14:41 CET 2018


On 01/04/2018 02:04 PM, Kristian Fiskerstrand wrote:
>> I don't think it necessary to use business unit level certifying keys in
>> my design. It introduces management overhead which shadows its benefits.
>> If you understand the concept of trust realm/trust group and its
>> verification methods I described before, then there is no need for a key
>> hierarchy at all. Can you describe a use case that demands the use of
>> unit level certifying key? I'll try to explain how to implement it with
>> trust realm and groups.
> I didn't necessarily say business unit level CA, but separation between
> employee and business partner CAs.
Compared to using two CAs, my design introduces two properties to a
certificate. One is the certificate type, which is "p" for a partner and
"e" for an employee. The other property is the trust group, which is a
list of groups and tells the certificate verifier the groups that the
key belongs to. These two properties are implemented as notations of the
certificate.

Thanks,
Lou
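
A verifier-side check of the two notations described in the message above, as an added example that is not part of the original post or of any GnuPG code. The notation names, the comma-separated group encoding and the rejection of duplicate notations are assumptions of this sketch, and it presumes the certification signature carrying the notations has already been verified cryptographically.

```python
# Hypothetical notation names: the post does not say which names the design uses.
TYPE_NOTATION = "cert-type@example.org"
GROUPS_NOTATION = "trust-groups@example.org"
VALID_TYPES = {"e": "employee", "p": "partner"}


class NotationError(ValueError):
    """Raised when the notations on a certification are unusable."""


def parse_notations(pairs):
    """Turn (name, value) notation pairs from one certification into (type, groups).

    A duplicated or unknown certificate type is rejected rather than guessed at,
    so a certification with ambiguous notations never passes a policy check.
    """
    seen = {}
    for name, value in pairs:
        if name in (TYPE_NOTATION, GROUPS_NOTATION):
            if name in seen:
                raise NotationError(f"duplicate notation {name}")
            seen[name] = value.strip()
    cert_type = seen.get(TYPE_NOTATION)
    if cert_type not in VALID_TYPES:
        raise NotationError(f"missing or unknown certificate type: {cert_type!r}")
    # Assumed encoding: the group list is a comma-separated string.
    raw_groups = seen.get(GROUPS_NOTATION, "")
    groups = frozenset(g.strip() for g in raw_groups.split(",") if g.strip())
    return cert_type, groups


def accept(pairs, allowed_types, required_group):
    """Policy check: the key's type must be allowed and it must be in the group."""
    try:
        cert_type, groups = parse_notations(pairs)
    except NotationError:
        return False
    return cert_type in allowed_types and required_group in groups


# Constructed sample notations, not taken from any real key.
EMPLOYEE = [(TYPE_NOTATION, "e"), (GROUPS_NOTATION, "engineering, release")]
PARTNER = [(TYPE_NOTATION, "p"), (GROUPS_NOTATION, "vendor-a")]

if __name__ == "__main__":
    print(accept(EMPLOYEE, {"e"}, "release"))   # employee in the release group
    print(accept(PARTNER, {"e"}, "vendor-a"))   # partner key, employees only
```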





