On 01/05/2018 09:41 AM, Lou Wynn wrote:
> On 01/05/2018 12:18 AM, Kristian Fiskerstrand wrote:
>> Businesses have reasonable need to access their data, so they need to
>> have access to his private keys, which contradicts "which
>> is meant to prevent others from using his private keys", although
>> reading it again I presume you're limiting the statement to
>> non-authorized personnel in the normal scenario?
> This reason is vague and invalid. The purpose of a private key is
> two-fold: encryption and message authorization. The only need for an
> organization to access their data is decrypting the encrypted data,
> which is satisfied by the auditing key. I don't see any valid reason to
> damage message authorization.

There are easily scenarios where a customer forgets to add the "auditing key", making the data unavailable to the organization, in particular in context of loss of employee.

--
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP keyblock at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
"Success is getting what you want. Happiness is wanting what you get"
(Dale Carnegie)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users