On 17.05.2007 16:10, Janusz A. Urbanowicz wrote: [...] > When I did similar things the setup was as follows: > > * there is one well-guarded organization key (org key) > * every person involved has a key signed by the org key > * people keys have designated-revoker set to org key > * all OpenPGP software installation have: > ** mandatory encrypt-to org key
Which option is that in gpg.conf? > ** ultimate trust for the org key How does one deal with people quitting or people getting hired? You can revoke the keys for those that quit. But how do you inform coworkers that someone's key is revoked? Or similarly distribute the new public key to existing employees for someone who has been just hired? In-house keyserver? Thank you -- Eray _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users