-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Thursday 17 October 2013 at 11:37:35 AM, in <mid:l3oel7$7ur$1...@ger.gmane.org>, Brian J. Murrell wrote: > On 13-10-16 05:28 PM, MFPA wrote: >> If the key was generated, stored, or used on the >> company's computer, all bets are off regarding Bob >> being the only one with access to a copy. > Why would it be? There is no reason, with this > verification scheme that anyone's private keys (or > public keys for that matter) go anywhere near the > company's computer. > Cheers, b. When you said you would be messaging "bob@corporate.domain" I interpreted that in the context of a discussion about OpenPGP keys to mean you were exchanging encrypted communications with that email address. It appears you probably meant the communication with "bob@corporate.domain" was the out-of-band channel by which you and Bob told each other your OpenPGP key fingerprints, and that being able to send emails from those corporate accounts also doubled as identity verification (because only the individual knows the relevant credentials to send from "their" corporate email address, and the company is required to verify government-issued ID documents when engaging staff). The bit about the employer having to verify people's ID may lead me to accept a corporate ID card as an alternative to government-issued ID. As for use of a corporate email address, could I be sure that Bob locked his computer every time he left his desk? Or that nobody else would ever have access to a written record of Bob's passwords? Or that, in Bob's absence, a substitute would never use Bob's email address when covering his work? - -- Best regards MFPA mailto:expires2...@ymail.com If at first you don't succeed, destroy all evidence that you tried. -----BEGIN PGP SIGNATURE----- iPQEAQEKAF4FAlJm5sBXFIAAAAAALgAgaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldEJBMjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0 N0VDQTAzAAoJEKipC46tDG5pyTID/iiqs8VQquGq9VxkJK2hGhTgksU0GhK4kREm TAjhg1184ls4RNPjUkErlcvaGU3R2FOnIfYUufEz8hV71Qsi/QJ7oMH+/qKWsFZ+ kQVrvzr53UGEF2OOmF6khn6naYX3d1Ueke3Gaq4jUTjlJOhN2VcKTJl8Ayl1aoiJ PWmL07ma =hdmI -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
