On 13-10-17 09:07 AM, Johan Wevers wrote: > > Yes there is: the practical point of using those keys. Why would a HR > department sign employees keys?
Look at my update to this thread yesterday. I already said in that message that the HR department is NOT signing keys and that the corporation in fact is not even involved with GPG in any way whatsoever. > I assume to have the employee use it in > encrypted communications with collegues / customers / whoever. No. This has nothing to do with corporate key use. This is merely a way for individuals, as individuals to enhance the certification of their keys by having a "virtual keysigning party" within their company. This is no different than going to your LUG and having a keysigning party there. The LUG itself does not participate in any way (i.e. signing keys, etc.) other than to provide a venue for the people to meet. In my proposed scenario, the corporation is doing nothing more than providing a means for the participants to know that Bob is actually Bob because the company has checked his id and said he is and providing an authenticated means (again, IT being a black-hat aside) to communicate with Bob and verify fingerprints, etc. b.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
