Modernizing Web-of-trust for Organizations

Lou Wynn lewisurn at gmail.com
Fri Jan 5 17:29:39 CET 2018


On 01/05/2018 01:10 AM, Kristian Fiskerstrand wrote:
> There are easily scenarios where a customer forgets to add the "auditing
> key", making the data unavailable to the organization, in particular in
> context of loss of employee.
>
The auditing key is certified by the root key and stays with the latter
in my design. Only the administrator can make policy to turn on/off
auditing, the client plugin takes corresponding actions automatically.
End users don't need to do anything, namely, using or not using the
auditing key to encrypt is completely transparent to end users. As a
result, there is no such issue of "forgetting to add it."

Thanks,
Lou




More information about the Gnupg-users mailing list