On Thursday 4 January 2018 at 1:34:30 AM, in
<mid:d1782a47-7888-aa88-ab35-a6a8e0e17...@gmail.com>, Lou Wynn wrote:-

> Your first comment above mentioned no 3rd-party CA is needed for PGP
> users, but the reference still requires users to manage their trust.
> In my opinion, PGP has an unnecessarily complicated trust management
> recommendation: the web of trust, when used in an enterprise
> environment.

It is up to the enterprise how simple or complicated they choose to
make it. Their internal web of trust could be a simple hierarchy.

> My goal is to simplify user-side trust management work
> to zero, and the result is the concept of trust realm and trust
> group.

How complicated is user-side trust management within an enterprise
environment? If their internal web of trust is a simple hierarchy,
each user's software automatically trusts all other employees.

For business partners, the enterprise's certification key would have
to be able to sign the business partner's key as a trusted introducer
but only for staff at their own domain. Perhaps the use of Web Key
Directory [0] is already a simple enough solution.

The organisation's particular threat model may not require the keys of
business partners' staff to be signed at all as long as each contact
consistently uses the same key. In that case, Trust On First Use
(TOFU) [1] may be sufficient.

[0] <https://www.gnupg.org/blog/20161027-hosting-a-web-key-directory.html>
[1] <https://www.gnupg.org/blog/20151103-gnupg-in-october.html#sec-1-5>

-- 
Best regards

MFPA <mailto:2017-r3sgs86x8e-lists-gro...@riseup.net>

Never trust a dog with orange eyebrows

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
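
The three arrangements discussed in the message above (an internal
hierarchy, a partner key accepted as an introducer for its own domain
only, and TOFU for unsigned contacts), as an added Python sketch that is
not part of the original message and is not GnuPG's trust computation.
All class names, fingerprints and domains are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    fpr: str                          # constructed placeholder fingerprint
    email: str
    signers: frozenset = frozenset()  # fingerprints that certified this key


class EnterpriseTrust:
    """Toy model: one enterprise key, domain-scoped introducers, TOFU fallback."""

    def __init__(self, root_fpr, own_domain):
        # introducer fingerprint -> the only mail domain it may vouch for
        self.introducers = {root_fpr: own_domain}
        self.tofu = {}                # email -> fingerprint seen first

    def add_partner(self, partner_fpr, partner_domain):
        # Models the enterprise key signing a partner's key as a trusted
        # introducer, limited to staff at the partner's own domain.
        self.introducers[partner_fpr] = partner_domain

    def evaluate(self, key):
        email = key.email.lower()
        domain = email.rsplit("@", 1)[-1]
        # A certification counts only if the signer is an introducer
        # scoped to the domain of the address on the key.
        if any(self.introducers.get(s) == domain for s in key.signers):
            return "valid"
        # No usable certification: fall back to key consistency (TOFU).
        first = self.tofu.get(email)
        if first is None:
            self.tofu[email] = key.fpr
            return "tofu-first-use"
        return "tofu-consistent" if first == key.fpr else "tofu-conflict"


def demo():
    t = EnterpriseTrust("ROOT", "corp.example")
    t.add_partner("PARTNER", "partner.example")
    keys = [
        Key("A1", "alice@corp.example", frozenset({"ROOT"})),
        Key("B1", "bob@partner.example", frozenset({"PARTNER"})),
        Key("X1", "ceo@corp.example", frozenset({"PARTNER"})),  # out of scope
        Key("C1", "carol@vendor.example"),
        Key("C1", "carol@vendor.example"),
        Key("C2", "carol@vendor.example"),                      # key changed
    ]
    return [t.evaluate(k) for k in keys]


if __name__ == "__main__":
    print(demo())
```

The partner's signature on an address in corp.example is ignored because
it falls outside the domain the introducer was scoped to, so that key gets
no more standing than any unsigned first contact.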