Modernizing Web-of-trust for Organizations

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Fri Jan 5 10:10:15 CET 2018


On 01/05/2018 09:41 AM, Lou Wynn wrote:
> On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote:
>> Businesses have reasonable need to access their data, so they need to
>> have access to his private keys, which contradicts "which
>> is meant to prevent others from using his private keys", although
>> reading it again I presume you're limiting the statement to
>> non-authorized personnel in the normal scenario?
> This reason is vague and invalid. The purpose of a private key is
> two-fold: encryption and message authorization. The only need for an
> organization to access their data is decrypting the encrypted data,
> which is satisfied by the auditing key. I don't see any valid reason to
> damage message authorization.

There are easily scenarios where a customer forgets to add the "auditing
key", making the data unavailable to the organization, in particular in
the context of the loss of an employee.

-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Success is getting what you want. Happiness is wanting what you get"
(Dale Carnegie)
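
The failure mode raised in this message, data encrypted without the auditing key, can be checked for on the ciphertext itself. The following is an added example, not part of the original message or of GnuPG; it assumes the auditing key is attached as an additional encryption recipient, and the key IDs and sample bytes are constructed.

```python
# Added example: recipient key IDs of a binary OpenPGP message (RFC 4880 framing).
PKESK, SKESK = 1, 3            # session-key packets precede the encrypted data
HIDDEN = "0000000000000000"    # wildcard key ID, e.g. from gpg --throw-keyids

def read_packet(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not a fixed length."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
    if first & 0x40:                                   # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                      # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 3        # old-format header
    if ltype == 3:
        return tag, pos + 1, None                      # indeterminate length
    size = 1 << ltype                                  # 1, 2 or 4 length octets
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def recipient_key_ids(message):
    """Key IDs named in the leading version 3 PKESK packets, in order."""
    ids, pos = [], 0
    while pos < len(message):
        tag, start, length = read_packet(message, pos)
        if tag not in (PKESK, SKESK) or length is None:
            break                                      # reached the encrypted data
        if tag == PKESK and message[start] == 3:
            ids.append(message[start + 1:start + 9].hex().upper())
        pos = start + length
    return ids

def audit_status(message, audit_key_id):
    """'present', 'missing', or 'unverifiable' when a recipient is hidden."""
    ids = recipient_key_ids(message)
    if audit_key_id.upper() in ids:
        return "present"
    return "unverifiable" if HIDDEN in ids else "missing"

# Constructed sample data: fake key IDs and dummy session-key bytes, not real keys.
def sample_pkesk(key_id):
    return b"\x84\x0e\x03" + bytes.fromhex(key_id) + b"\x01\x00\x08\xff\x00"
EMPLOYEE, AUDIT = "1111111111111111", "A1A1A1A1A1A1A1A1"
DATA = b"\xd2\xe0\x00"         # start of an encrypted data packet (tag 18)
print(audit_status(sample_pkesk(EMPLOYEE) + DATA, AUDIT))
```

The key ID passed as `audit_key_id` has to be that of the auditing key's encryption (sub)key, since that is the key a session-key packet names.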
