-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Am 04.05.2014 10:30, schrieb Robert J. Hansen: > > Are there good business reasons for third party escrow of signing > keys? Quite probably. If you can think of a situation where an > autopen is appropriate, whether in business or in government, > that's also a situation where third-party escrow of signing keys > would also likely be appropriate. >
No, there are no good reasons. There is no technical problem to give different signers the same rights to make certain signatures but make it comprehensible who actually signed it. This is important in case an error happened or someone intentionally did something wrong to commit a crime. In a world were everyone would do the right thing and didn't make mistakes I would be definitely with you. It would be no problem to not be able to distinguish who actually made a signature. But we are not living in that world. And you should know that. I read your story "Two Thousand Miles to the Promised Land". Just imagine that guy being able to make signatures appeared to be made by you or anyone else in the company without the recipient knowing, juts because there have been "good business reasons". Imagine how much more damage he could have done. So again, there are no good business reason. There are only reasons like laziness, stupidity or it costs to much. And it costs to much might be a legitimate reason in our world. But only so long someone made damage that is higher than the cost to make it right from the beginning. And as a side note. Your answer to my other mail completely missed my point. I was saying that you are using phrases and rhetoric rather than arguments to try to defend your point. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEAREKAAYFAlNmCoYACgkQ/6vdZgk46sjI1gCfb7+PXECe2By1dDjkdshLvjvx qpAAnA3u2C3tKx9ivulWwTD6SexqnS4y =xPrL -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
