Phil Pennock via Gnupg-users wrote:
[...]
> Problem: we use PGP for signing and for certain transactions which need
> high confidentiality, but for the most part, for most of our staff,
> setting up a PGP-capable mail client with our mail-provider is a pain
> and we're not interested. We want the PGP keys _available_ for people
> to have a trusted path to the key, but that does _not_ mean that we want
> people to default to using PGP for all communications with us.

Simple option if most users at your site will be generating PGP
signatures but not running PGP-capable MUAs: generate sign-only keys
and put those in WKD. You would need a second mechanism for
distributing the encryption-permitted keys for those users who need
them, but the encryption keys could in turn be signed with the WKD
sign-only keys to prevent a man-in-the-middle attack.
-- Jacob
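
A pre-publication check for the sign-only approach suggested in the reply above, added here as an example and not part of the original thread or of GnuPG: it reads the colon-format listing that `gpg --with-colons --show-keys FILE` prints and refuses any key that has a usable encryption-capable component. The function names and the sample listings (with placeholder key IDs) are constructed for illustration.

```python
# Added example (not from the thread): check a key before it is copied into a WKD
# directory. Input is the text printed by `gpg --with-colons --show-keys FILE`.

UNUSABLE = {"r", "e"}  # validity field values: revoked, expired

def components(colon_listing):
    """Yield (record_type, keyid, capabilities) for each usable primary key/subkey."""
    for line in colon_listing.splitlines():
        f = line.split(":")
        if f[0] in ("pub", "sub") and len(f) >= 12 and f[1] not in UNUSABLE:
            yield f[0], f[4], f[11]

def wkd_sign_only_check(colon_listing):
    """Return (ok, problems); ok means the key can sign and nothing can encrypt."""
    problems, can_sign = [], False
    for rtype, keyid, caps in components(colon_listing):
        # Lowercase letters are this component's own capabilities; the uppercase
        # letters on a pub record summarise the whole key and are ignored here.
        if "e" in caps:
            problems.append(f"{rtype} {keyid} is encryption-capable")
        if "s" in caps:
            can_sign = True
    if not can_sign:
        problems.append("no usable signing-capable key")
    return (not problems, problems)

# Constructed sample listings (key IDs are placeholders, not real keys).
SIGN_ONLY = """\
pub:-:255:22:AAAAAAAAAAAAAAA1:1700000000:::-:::scSC::::::ed25519:::0:
uid:-::::1700000000::::Staff Member <staff@example.org>::::::::::0:
"""
GENERAL_PURPOSE = """\
pub:-:255:22:BBBBBBBBBBBBBBB1:1700000000:::-:::scESC::::::ed25519:::0:
uid:-::::1700000000::::Staff Member <staff@example.org>::::::::::0:
sub:-:255:18:BBBBBBBBBBBBBBB2:1700000000::::::e::::::cv25519::
"""

if __name__ == "__main__":
    for name, listing in (("sign-only", SIGN_ONLY), ("general", GENERAL_PURPOSE)):
        print(name, wkd_sign_only_check(listing))
```

A revoked or expired encryption subkey is skipped, since it cannot be selected for encryption.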