* David Shaw <[EMAIL PROTECTED]> wrote:
>>
>> So my current attempt is: the employee has to add the company key as
>> a revoker and then export it to the keyserver. So the company key is
>> able to revoke any employee's key.
>
> Note that those methods are only useful so long as the communication
> partner gets the key from your company (a web page, a company
> keyserver, or the like), and not from a public keyserver or from the
> employee. The reason for this is that keys or signatures can be
> 'unrevoked' by a malicious 3rd party (who may or may not be the
> employee).

The official public key from our company is on our company website.
Thanks for the hint, I forgot to mention that.

So either with revoking the signature or (or better "and") revoking the
key with the "add revoker"-method, the concept is OK. Right?

I don't want to get into any trouble in the future because I forgot some
issue I did not think of ... :-)

-- 
Karl Voit
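
An added example, not part of the original thread: a check a company could run over the employee keys it is about to publish, confirming that each copy still lists the company key as a designated revoker. It assumes the machine-readable layout of `gpg --with-colons --list-keys`, where an `rvk` record carries the revoker's fingerprint in field 10; the fingerprints and the listing are constructed placeholders.

```python
"""Audit a gpg colon listing for the company designated-revoker record."""

COMPANY_FPR = "AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555"  # constructed placeholder

# Constructed sample in the layout of `gpg --with-colons --list-keys`.
# The first key names the company key as revoker, the second does not.
SAMPLE = """\
pub:u:2048:1:1111222233334444:1136073600:::u:::scESC:
rvk:::1::::::AAAA1111BBBB2222CCCC3333DDDD4444EEEE5555:80:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1136073600::X::Alice Example <alice@example.invalid>:
pub:u:2048:1:5555666677778888:1136073600:::u:::scESC:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:u::::1136073600::X::Bob Example <bob@example.invalid>:
"""


def revokers_by_key(listing):
    """Map each primary-key fingerprint to its set of designated revokers."""
    entries = []
    for line in listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            # A pub record starts a new key block.
            entries.append({"fpr": None, "rvk": set()})
        elif not entries or len(fields) < 10:
            continue  # record outside a key block, or too short to parse
        elif fields[0] == "rvk":
            entries[-1]["rvk"].add(fields[9].upper())
        elif fields[0] == "fpr" and entries[-1]["fpr"] is None:
            # The first fpr after pub is the primary key; later ones are subkeys.
            entries[-1]["fpr"] = fields[9].upper()
    return {e["fpr"]: e["rvk"] for e in entries if e["fpr"]}


def missing_company_revoker(listing, company_fpr=COMPANY_FPR):
    """Return fingerprints of keys that do not list the company key as revoker."""
    wanted = company_fpr.upper()
    return sorted(fpr for fpr, rvk in revokers_by_key(listing).items()
                  if wanted not in rvk)


if __name__ == "__main__":
    for fpr in missing_company_revoker(SAMPLE):
        print("no company revoker on", fpr)
```

As the quoted reply points out, the result only describes the copy of the key that was inspected, so the check belongs on the copies served from the company's own website or keyserver.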