On Fri, 27 Mar 2009 15:47:27 +0100 Christoph Gröver <[email protected]> wrote:
> This way nobody has to think about it and signing works transparently
> for everyone. We would have one key for all, like a corporate key.

You may want to ask legal how they feel about adding nonrepudiation automatically to every message.

If you had a system where you could make a meaningful assertion about the identity of a mail originator and you could secure a key without using a passphrase then you might use OpenPGP to make that assertion by operating GnuPG in batch mode. It's much more likely, however, that the type of identity you wish to assert is not compatible with the OpenPGP model and that the security infrastructure is inadequate to make that assertion meaningfully. Think, for example, about key signing. Who would be qualified to verify that the key is connected with the identity in any meaningful way?

The corporate value of public key cryptography is much more readily attained using DKIM. Milter setup and key management for signing DKIM mail is pretty straightforward. You place your key in Text records in DNS. That establishes a meaningful connection between the identity of the sender (or at least ownership of the mail server) and the owner of the domain. Setting up DKIM with Postfix was at least as easy as setting up GPG with Claws and it makes an identity assertion that is appropriate for a server environment.

Chris
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
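
An added example, not part of the original message: a check of the DKIM key record that the reply says is published as a text record in DNS, flagging a missing or revoked key, a short RSA key and testing mode. The function names, the 1024-bit floor (taken from RFC 8301) and the sample record are assumptions; the sample key is constructed and is not a real key.

```python
import base64

MIN_RSA_BITS = 1024  # assumption: floor taken from RFC 8301, not from the post

def tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low bits give the length's size
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def rsa_bits(der):
    """Modulus size of an RSA SubjectPublicKeyInfo, the format carried in p=."""
    _, seq, _ = tlv(der, 0)            # outer SEQUENCE
    _, _, alg_end = tlv(der, seq)      # AlgorithmIdentifier, skipped
    _, bitstr, _ = tlv(der, alg_end)   # BIT STRING wrapping RSAPublicKey
    _, key, _ = tlv(der, bitstr + 1)   # +1 skips the unused-bits octet
    _, n0, n1 = tlv(der, key)          # INTEGER modulus
    return int.from_bytes(der[n0:n1], "big").bit_length()

def audit_dkim_record(txt):
    """Parse a DKIM key record (tag=value; ...) and return a list of findings."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())  # drop folding whitespace
    findings = []
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("unsupported version")
    if "p" not in tags:
        findings.append("missing p= tag")
    elif tags["p"] == "":
        findings.append("key revoked (empty p=)")
    elif tags.get("k", "rsa") == "rsa":
        try:
            bits = rsa_bits(base64.b64decode(tags["p"], validate=True))
        except (ValueError, IndexError):
            findings.append("p= is not a parsable RSA key")
        else:
            if bits < MIN_RSA_BITS:
                findings.append(f"RSA key too short ({bits} bits)")
    if "y" in tags.get("t", "").split(":"):
        findings.append("testing mode (t=y)")
    return findings

# Constructed sample: a structurally valid 512-bit key blob, not a real key.
WEAK_DER = (bytes.fromhex("305c300d06092a864886f70d0101010500034b003048024100")
            + b"\xc3" * 64 + bytes.fromhex("0203010001"))
SAMPLE_TXT = "v=DKIM1; k=rsa; t=y; p=" + base64.b64encode(WEAK_DER).decode()
```

Calling audit_dkim_record(SAMPLE_TXT) reports the short key and the testing flag; a record with a 1024-bit or larger key and no t=y returns an empty list.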
