To amplify yet again ...

If persons 1-100 communicate within a company and all have their keys signed
by one (or more) administrators (H.R. + I.S. perhaps?), then they can easily
encrypt information to each other and verify each other's signatures even
when new employees are assigned keys.

To add another scenario:

A database contractor uses PGP to communicate with I.S. and I.S. meets with
them and exchanges key fingerprints, then signing each other's keys.  If the
database contractor then E-mails someone else in the company, their key will
show as being authentic because it was signed by someone that person trusts.
If a third party within the database contractor's company then follows up on
the E-mail, the third party within your company will see their key as
authentic because it is signed by the contractor whose key is signed by your
I.S. manager.  This multi-level web of trust makes it very easy to quickly
join other "webs of trust" within other organisations.

----- Original Message -----
From: "Ben Nagy" <[EMAIL PROTECTED]>

PGP's trust model is MUCH better for organisations that communicate mainly
within themselves. Since everyone in your organisation is probably
personally known by someone within one or two degrees of separation, the
concept of signed keys gives you much more faith that the message is
actually from who it purports to be from.


-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
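
The contractor scenario above, worked through as an added example (not part of the original thread). It assumes a simplified model: a key is valid when it is signed by a valid key whose owner the viewer has marked as a trusted introducer, up to a maximum chain depth. All key names and the signature data are constructed.

```python
from collections import deque

# Constructed sample data: SIGNATURES[key] = set of keys that signed it.
SIGNATURES = {
    "is_manager": {"employee"},              # employee verified and signed I.S.
    "contractor": {"is_manager"},            # I.S. signed after fingerprint check
    "contractor_colleague": {"contractor"},  # third party at the contractor's firm
    "stranger": {"unknown_signer"},          # no path back to the employee
}

def valid_keys(own_key, signatures, introducers, max_depth=3):
    """Return {key: chain depth} for keys that are valid from own_key's view.

    Simplified model (assumption): a signature only confers validity when the
    signing key is itself valid AND its owner is in `introducers`. own_key is
    implicitly valid and trusted at depth 0.
    """
    # Invert the map so we can walk from signer to the keys it certified.
    signed_by = {}
    for key, signers in signatures.items():
        for signer in signers:
            signed_by.setdefault(signer, set()).add(key)

    valid = {own_key: 0}
    queue = deque([own_key])
    while queue:  # breadth-first, so each key gets its shortest chain depth
        signer = queue.popleft()
        depth = valid[signer]
        if depth >= max_depth:
            continue  # chain too long to extend further
        if signer != own_key and signer not in introducers:
            continue  # key is valid, but its owner may not vouch for others
        for key in sorted(signed_by.get(signer, ())):
            if key not in valid:
                valid[key] = depth + 1
                queue.append(key)
    return valid

if __name__ == "__main__":
    for trusted in ({"is_manager"}, {"is_manager", "contractor"}):
        print(sorted(trusted), "->", valid_keys("employee", SIGNATURES, trusted))
```

In this model the contractor's own key validates through I.S. alone, while the colleague's key validates only once the contractor is also treated as an introducer and the depth limit allows a three-link chain.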
