-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Wednesday 16 October 2013 at 9:19:19 PM, in <mid:l3msbv$jh3$1...@ger.gmane.org>, Brian J. Murrell wrote: > The corporation would not have a copy of the private > key since the corporation is completely uninvolved > other than (unknowingly) being the identity-checker and > providing the means to authoritatively communicate with > Bob (i.e. when I "message" bob@corporate.domain I know > it's Bob that I am talking to -- somebody in IT doing a > MITM attack aside -- but maybe that's enough of a risk > to make this infeasible). You would have the same > trust that only Bob has Bob's secret key as you would > any other GPG user whose key you signed. Any given GPG > user's competency in using GPG (i.e. keeping secret > keys secret, trusting other, etc.) is up to you, as it > always is. If the key was generated, stored, or used on the company's computer, all bets are off regarding Bob being the only one with access to a copy. - -- Best regards MFPA mailto:expires2...@ymail.com A wise man once said ..."I don't know." -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlJfBPtXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pZqwD/RsaAhIQ++BVj0kdmctZOhSaN9fooa9zUM2R 6ZPj0mdIzD8yLriWXBf+LjJJH0DQTDdjQFsh7XTE/4E3K8bGybRyciOzD4WcVHNn Y4kV/kYFX+uo/bjPsTX4h4XxkyfXeKmFti5ou1yxYPVsnNk6vFz1qHqh4EibwDI2 S0ratbwE =loQ1 -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
