On 17-10-2013 12:37, Brian J. Murrell wrote: >> If the key was generated, stored, or used on the company's computer, >> all bets are off regarding Bob being the only one with access to a >> copy.
> Why would it be? There is no reason, with this verification scheme that > anyone's private keys (or public keys for that matter) go anywhere near > the company's computer. Yes there is: the practical point of using those keys. Why would a HR department sign employees keys? I assume to have the employee use it in encrypted communications with collegues / customers / whoever. To do that, the key needs to be on a company computer in most cases. There are exceptions of cource (like working at home on your own hardware) but they are not the norm so I wouldn't blindly assume that to be the case. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
