+++ Anand Shankar [20/08/08 07:49 +0530]:
>1. Wanted to set up a GPG Key Server inside my organisation intranet.
>I could not find an option to do that. Is it necessary / good idea to
>use a Public Key Server for such use?

I can't think of any even far-fetched security issue with using a public key server for an organization. There isn't anything to break in a public key.

The only important thing to think about is not whether you should keep your GPG public key in a public key server. But that people exchange encrypted mails only with people whose keys they trust - that is, they have followed due process in personally verifying that the key belongs to the person they think they are mailing to. Or that the key is signed by a person you trust.

To give an example, it would be careless to see a key ID in somebody's mail, download the key and then send an encrypted mail to the person. You should preferably contact the person personally and verify his key (needs to be done only once in the key's lifetime) or check the sigs to see if they match somebody you trust.

Many people in orgs miss this part of the GPG security model and mistakenly assume that just because they are using something with encryption, nothing can go wrong.

- Sandip

--
Sandip Bhattacharya
http://blog.sandipb.net

_______________________________________________
ilugd mailinglist -- [email protected]
http://frodo.hserus.net/mailman/listinfo/ilugd
Archives at: http://news.gmane.org/gmane.user-groups.linux.delhi http://www.mail-archive.com/[email protected]/
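
The check described in the message above, as an added example that is not part of the original post: a gate that allows encrypting to a downloaded key only if its fingerprint matches a copy confirmed out of band, or if it carries a verified signature from a key you already trust. It reads the output of `gpg --with-colons --check-sigs`; the listing, fingerprint, key IDs and the function names are constructed for illustration, and the trust decision is a simplification of GnuPG's own trust calculation.

```python
# Added example: decide from `gpg --with-colons --check-sigs <key>` output
# whether a freshly downloaded key may be used. SAMPLE is constructed;
# the fingerprint, key IDs and names in it are made up.
SAMPLE = """\
pub:-:2048:1:1111222233334444:1218000000:::-:::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF1111222233334444:
uid:-::::1218000000::HASH::Colleague (constructed) <colleague@example.org>:
sig:!::1:1111222233334444:1218000000::::Colleague (constructed) <colleague@example.org>:13x:
sig:!::1:9999888877776666:1218100000::::Team Lead (constructed) <lead@example.org>:10x:
sig:?::1:5555444433332222:1218200000::::[User ID not found]:10x:
"""

def normalize(fpr):
    # Fingerprints are read aloud or printed in groups; drop spaces and case.
    return "".join(fpr.split()).upper()

def parse_listing(text):
    """Return (primary fingerprint, primary key ID, signer IDs with good sigs)."""
    fingerprint, key_id, good = None, None, set()
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 4:
            key_id = f[4].upper()
        elif f[0] == "fpr" and len(f) > 9 and fingerprint is None:
            fingerprint = f[9].upper()      # first fpr record = primary key
        elif f[0] == "sig" and len(f) > 4 and f[1] == "!":
            good.add(f[4].upper())          # "!" = signature checked and good
    good.discard(key_id)  # a self-signature says nothing about the owner
    return fingerprint, key_id, good

def may_encrypt_to(listing, verified_fpr=None, trusted_signers=()):
    """verified_fpr: fingerprint confirmed in person or by phone.
    trusted_signers: key IDs of people whose keys you verified earlier."""
    fpr, _, good = parse_listing(listing)
    if fpr is None:
        return False, "no key in listing"
    if verified_fpr:
        # An out-of-band copy decides alone; a mismatch is never overridden.
        if normalize(verified_fpr) == fpr:
            return True, "fingerprint matches out-of-band copy"
        return False, "fingerprint mismatch"
    vouchers = good & {k.upper() for k in trusted_signers}
    if vouchers:
        return True, "signed by trusted key " + sorted(vouchers)[0]
    return False, "key is unverified"

if __name__ == "__main__":
    print(may_encrypt_to(SAMPLE))
    print(may_encrypt_to(SAMPLE, trusted_signers=["9999888877776666"]))
```
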
