Modernizing Web-of-trust for Organizations

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Fri Jan 5 01:06:57 CET 2018


On 01/05/2018 01:04 AM, Lou Wynn wrote:
> On 01/04/2018 02:57 PM, Kristian Fiskerstrand wrote:
>> On 01/04/2018 11:24 PM, Lou Wynn wrote:
>> but you add the requirement that all end users sending email to you
>> require to validate the auditing key as well (auditing is likely wrong
>> word, archiving is more likely relevant). for auditing you certainly
>> want gpg-agent monitoring of assuan channel in separate domain.
> I don't get the exact meaning of this paragraph.
> 
> I'll try to explain a little. If the administrator sets up the auditing
> policy (which implies that the auditing is an option), then the plugins
> of employees will also use the auditing key to encrypt a message besides
> receiver's public key. This is a little different from what I said
> earlier about users' plugins because this is a design decision which has
> not been finalized: whether to make employees or employees plus partners
> to use the auditing key. This might become an option too.

But in the end it doesn't matter, as the organization anyways has access
to the private key material of the employee. So a third party "auditing
key" is irrespective of any access goals.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Aut dosce, aut disce, aut discede
Either teach, or study, or leave

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180105/0b1daceb/attachment.sig>


More information about the Gnupg-users mailing list